[j-nsp] Juniper UDP Amplification Attack - UDP port 111 ?
Pierre Emeriaud
petrus.lt at gmail.com
Fri Mar 16 05:12:35 EDT 2018
2018-03-16 3:06 GMT+01:00 Roland Dobbins <rdobbins at arbor.net>:
>
> On 16 Mar 2018, at 8:59, Chris Kawchuk wrote:
>
>> Just a heads up; I'm probably not the first person to see this--
>
>
> This is rpcbind/portmapper, FYI, which is often abused for
> reflection/amplification attacks.
>
> I'm assuming vMX is a virtual MX - if so, are you sure the issue isn't on
> the hypervisor host?
>
> If not, definitely seems like a bug which should be reported to JSIRT.

this is definitely not on the host:

user@mx960> show system connections inet | match .111
tcp4       0      0  *.111                  *.*                    LISTEN
udp4       0      0  *.111                  *.*

Chris, besides filters, using un-announced prefixes for your backbone
would prevent this kind of issue (and some others).
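
Added example (not part of the original message): a Python check that parses `show system connections inet` output of the shape quoted above and flags rpcbind sockets bound to the wildcard address, rejoining a state column that has wrapped onto its own line. The two non-wildcard sample rows are constructed for contrast, and the function names are hypothetical.

```python
import re

# Constructed sample: the two *.111 rows follow the output quoted above
# (including the wrapped LISTEN); the other two rows are made up.
SAMPLE = """\
tcp4       0      0  *.111                  *.*
LISTEN
udp4       0      0  *.111                  *.*
tcp4       0      0  10.0.0.1.22            *.*                    LISTEN
udp4       0      0  127.0.0.1.111          *.*
"""

PROTO = re.compile(r"^(tcp|udp)\d*$")
RPCBIND_PORTS = {"111", "sunrpc"}  # numeric port or its service name


def rows(text):
    """Yield [proto, local, foreign, state] per socket line."""
    current = None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if PROTO.match(fields[0]) and len(fields) >= 5:
            if current:
                yield current
            state = fields[5] if len(fields) > 5 else ""
            current = [fields[0], fields[3], fields[4], state]
        elif current and len(fields) == 1:
            current[3] = fields[0]  # state wrapped onto the next line
    if current:
        yield current


def exposed_rpcbind(text):
    """Return (proto, local) for port-111 sockets bound to every address."""
    hits = []
    for proto, local, _foreign, state in rows(text):
        addr, _, port = local.rpartition(".")  # BSD style: address.port
        if addr != "*" or port not in RPCBIND_PORTS:
            continue
        # UDP sockets carry no state; TCP only counts when listening.
        if proto.startswith("udp") or state == "LISTEN":
            hits.append((proto, local))
    return hits


if __name__ == "__main__":
    for proto, local in exposed_rpcbind(SAMPLE):
        print(f"wildcard rpcbind listener: {proto} {local}")
```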