[j-nsp] CVE-2023-4481
David Sinn
dsinn at dsinn.com
Tue Aug 29 18:42:41 EDT 2023
A network I operate is going with:
bgp-error-tolerance {
malformed-route-limit 0;
}
The thoughts being that there is no real reason to retain the malformed route and the default of 1000 is arbitrary. We haven't really seen a rash of them, so adjusting the logging hasn't proven needed yet.
I don't have anything running 14.x to test, but per the documentation the above should be supported from 13.2.
David
> On Aug 29, 2023, at 2:06 PM, Randy Bush via juniper-nsp <juniper-nsp at puck.nether.net> wrote:
>
> do we have a recommended `bgp-error-tolerance {}` config to deal with
> CVE-2023-4481?
>
> and what does one do on antique hardwhere with. e.g., junos 14?
>
> randy
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list