[j-nsp] IPv6 Routing Header Security
Harry Reynolds
harry at juniper.net
Tue Jul 29 15:17:00 EDT 2008
Which version?
I believe that starting in 8.5 the default was changed to *not* process
ipv6 source route, and at same time some new cli statements were
introduced to reenable (and for v4 also).
regress at foo# set routing-options source-routing ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these
groups
ip Enable IP Source Routing
ipv6 Enable Type 0 RouteHeader processing
{backup}[edit]
regress at foo# run show version
Hostname: foo
Model: m20
JUNOS Base OS boot [9.2R1.1]
JUNOS Base OS Software Suite [9.2R1.1]
HTHs
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
> Stefan Fouant
> Sent: Tuesday, July 29, 2008 12:06 PM
> To: Juniper-Nsp
> Subject: [j-nsp] IPv6 Routing Header Security
>
> Anyone here know if there is a simple way to disable IPv6
> Routing Header processing, particularly the 'Routing Type'
> field originally designated for loose/strict source routing?
> I looked through the JUNOS docs and it appears they DO
> process this header, and there currently is NO way to disable
> it. There are several RH0 related threats and vulnerabilities
> which are well known at this point, so I won't get into them
> here, but it would be nice to disable this on Juniper routers.
>
> --
> Stefan Fouant
> Principal Network Engineer
> NeuStar, Inc. - http://www.neustar.biz
> GPG Key ID: 0xB5E3803D
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list