[j-nsp] IPv6 Routing Header Security

Stefan Fouant sfouant at gmail.com
Tue Jul 29 15:26:20 EDT 2008 

Awesome man... Thanks for that... Now if only we can get the search
engine on the Juniper site to display more relevant information... ;)



On 7/29/08, Harry Reynolds <harry at juniper.net> wrote:
> Which version?
>
> I believe that starting in 8.5 the default was changed to *not* process
> ipv6 source route, and at same time some new cli statements were
> introduced to reenable (and for v4 also).
>
> regress at foo# set routing-options source-routing ?
> Possible completions:
> + apply-groups         Groups from which to inherit configuration data
> + apply-groups-except  Don't inherit configuration data from these
> groups
>   ip                   Enable IP Source Routing
>   ipv6                 Enable Type 0 RouteHeader processing
>
>
> {backup}[edit]
> regress at foo# run show version
> Hostname: foo
> Model: m20
> JUNOS Base OS boot [9.2R1.1]
> JUNOS Base OS Software Suite [9.2R1.1]
>
>
> HTHs
>
>
>> -----Original Message-----
>> From: juniper-nsp-bounces at puck.nether.net
>> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
>> Stefan Fouant
>> Sent: Tuesday, July 29, 2008 12:06 PM
>> To: Juniper-Nsp
>> Subject: [j-nsp] IPv6 Routing Header Security
>>
>> Anyone here know if there is a simple way to disable IPv6
>> Routing Header processing, particularly the 'Routing Type'
>> field originally designated for loose/strict source routing?
>> I looked through the JUNOS docs and it appears they DO
>> process this header, and there currently is NO way to disable
>> it. There are several RH0 related threats and vulnerabilities
>> which are well known at this point, so I won't get into them
>> here, but it would be nice to disable this on Juniper routers.
>>
>> --
>> Stefan Fouant
>> Principal Network Engineer
>> NeuStar, Inc. - http://www.neustar.biz
>> GPG Key ID: 0xB5E3803D
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>

-- 
Sent from Gmail for mobile | mobile.google.com

Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D

More information about the juniper-nsp mailing list