[j-nsp] Juniper UDP Amplification Attack - UDP port 111 ?
Chris Adams
cma at cmadams.net
Mon Mar 26 12:31:49 EDT 2018
Once upon a time, Chris Cappuccio <chris at nmedia.net> said:
> Olivier Benghozi [olivier.benghozi at wifirst.fr] wrote:
> > So it most probably comes with "upgraded Junos with FreeBSD 10", that is 15.1+ on MX with Intel CPUs.
> >
> > There's something fun described on PR1167786 about similar behaviour: "Due to Junos Release 15.1 enabling process rpcbind in FreeBSD by default, port 646 might be grabbed by rpcbind on startup, which causes LDP sessions failing to come up."
> >
>
> This should be really embarrassing to Juniper...
Got an MX204 - all the things left running on the Wind River Linux VM
host are pretty embarrassing (even if there's no actual network access
and so not a security issue). I have no need on a router for RPC, BIND,
Gluster, NFS, Zeroconf, Postfix, or dnsmasq; I'm not sure about Open
vSwitch (haven't looked to see if JUNOS is using that or something).
Some of it looks like libvirt was installed and left with defaults, like
autostarting a private network configured for NAT and dnsmasq. That
also probably pulled in NFS, Gluster, and Open vSwitch.
--
Chris Adams <cma at cmadams.net>