[j-nsp] IPv6 Routing Header Security

Harry Reynolds harry at juniper.net
Tue Jul 29 15:17:00 EDT 2008


Which version?

I believe that starting in 8.5 the default was changed to *not* process
ipv6 source route, and at same time some new cli statements were
introduced to reenable (and for v4 also).

regress at foo# set routing-options source-routing ?
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these
groups
  ip                   Enable IP Source Routing
  ipv6                 Enable Type 0 RouteHeader processing


{backup}[edit]
regress at foo# run show version                           
Hostname: foo
Model: m20
JUNOS Base OS boot [9.2R1.1]
JUNOS Base OS Software Suite [9.2R1.1]


HTHs


> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of 
> Stefan Fouant
> Sent: Tuesday, July 29, 2008 12:06 PM
> To: Juniper-Nsp
> Subject: [j-nsp] IPv6 Routing Header Security
> 
> Anyone here know if there is a simple way to disable IPv6 
> Routing Header processing, particularly the 'Routing Type' 
> field originally designated for loose/strict source routing?  
> I looked through the JUNOS docs and it appears they DO 
> process this header, and there currently is NO way to disable 
> it. There are several RH0 related threats and vulnerabilities 
> which are well known at this point, so I won't get into them 
> here, but it would be nice to disable this on Juniper routers.
> 
> --
> Stefan Fouant
> Principal Network Engineer
> NeuStar, Inc. - http://www.neustar.biz
> GPG Key ID: 0xB5E3803D
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 


More information about the juniper-nsp mailing list