[j-nsp] Juniper UDP Amplification Attack - UDP port 111 ?
Chris Kawchuk
juniperdude at gmail.com
Thu Mar 15 22:12:09 EDT 2018
Yeah, not on the hypervisor. I'm SR-IOV'ing that interface via an Intel 82599-based 10G port into vMX in RIOT-PERF mode.
The hypervisor can't see the NIC interface at that point (due to PCIe-passthrough).
Anyways - as mentioned, I'll re-write my lo0.0 for "accept-useful-stuff-and-deny-all-else" logic as I should have done in the first place. =P
...that's what happens when you do things in a rush.
- CK.
On 16 Mar 2018, at 1:06 pm, Roland Dobbins <rdobbins at arbor.net> wrote:
>
> On 16 Mar 2018, at 8:59, Chris Kawchuk wrote:
>
>> Just a heads up; I'm probably not the first person to see this--
>
> This is rpcbind/portmapper, FYI, which is often abused for reflection/amplification attacks.
>
> I'm assuming vMX is a virtual MX - if so, are you sure the issue isn't on the hypervisor host?
>
> If not, definitely seems like a bug which should be reported to JSIRT.