[j-nsp] how to disconnect/kill tcp session from juniper router

Saku Ytti saku at ytti.fi
Fri Nov 25 04:54:59 EST 2016


On 25 November 2016 at 09:45, Phil Shafer <phil at juniper.net> wrote:

Hey,

>>Someone is brute-forcing Your router password, and that is very common
>>nowadays. Good loopback filter would prevent this.
>
> Amen to this and all your other points, esp re: avoiding telnet in
> favor of ssh.

Agreed, SSH all the way, but you should still allow only connection
attempts from trusted sources. Who knows what kind of 0day issues
remain, which don't require successful auth, but require TCP to
establish.

One funny example, likely with no security implications, but it demonstrates
how wide the vectors may be just by accepting TCP:

  ruby -rnet/ssh -e 'Net::SSH.start(ARGV[0], "foo\x1dbar", { password: "", number_of_password_prompts: 0 })' SOME_JUNOS_ROUTER

Review 'show log messages' after.

-- 
  ++ytti
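Editor's added example, not from the original post or from Juniper: the "allow only connection attempts from trusted sources" advice above, as a minimal Junos loopback (lo0) input filter. SSH is accepted only from a prefix list of management hosts; any other SSH or telnet attempt to the routing engine is counted, logged and discarded, so a brute-force run never reaches sshd. The filter name PROTECT-RE, the prefix-list name MGMT-HOSTS and the 192.0.2.0/24 management range are assumptions to replace with your own. The trailing accept term is there only so routing protocols, ICMP, NTP and the like keep working in this illustration; a production RE filter should enumerate those explicitly and end in a discard.

```junos
/* Assumed management range; replace with the real one. */
policy-options {
    prefix-list MGMT-HOSTS {
        192.0.2.0/24;
    }
}

firewall {
    family inet {
        filter PROTECT-RE {
            /* SSH from trusted management hosts only. */
            term allow-ssh-trusted {
                from {
                    source-prefix-list {
                        MGMT-HOSTS;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            /* Everything else aimed at SSH or telnet is dropped before
               the TCP handshake completes; counter and log for review. */
            term deny-ssh-telnet {
                from {
                    protocol tcp;
                    destination-port [ ssh telnet ];
                }
                then {
                    count mgmt-denied;
                    log;
                    discard;
                }
            }
            /* Illustration only: a real RE filter lists the protocols it
               must accept (BGP, OSPF, ICMP, NTP, DNS, ...) and ends in discard. */
            term allow-rest {
                then accept;
            }
        }
    }
}

interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-RE;
                }
            }
        }
    }
}
```

After committing, "show firewall filter PROTECT-RE" shows the mgmt-denied counter climbing during a brute-force run, and "show firewall log" lists the discarded sources; combined with "delete system services telnet" this leaves only SSH from MGMT-HOSTS able to complete a TCP connection to the control plane.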

