[nsp-sec] Crafted bgp update msg may cause slave re tocrashJunOS.

Paul Goyette pgoyette at juniper.net
Thu Sep 18 18:56:55 EDT 2008 

MD5 check happens at the tcp layer, and packets that fail
don't get delivered to the application (ie, BGP) layer.

Paul Goyette
Juniper Networks Customer Service
JTAC Senior Escalation Engineer
Juniper Security Incident Response Team
PGP Key ID 0x53BA7731 Fingerprint:
  FA29 0E3B 35AF E8AE 6651
  0786 F758 55DE 53BA 7731 

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net 
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of 
> Smith, Donald
> Sent: Thursday, September 18, 2008 3:51 PM
> To: Sayadian, Greg; morrowc at ops-netman.net
> Cc: robt at cymru.com; nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] Crafted bgp update msg may cause slave 
> re tocrashJunOS.
> 
> ----------- nsp-security Confidential --------
> 
> Given that it is an update it should. Routers shouldn't 
> process them without a valid md5 when that auth is enabled.
> That is supposed to be the first check:)
>  
>  
> donald.smith at qwest.com giac
> 
> ________________________________
> 
> From: Sayadian, Greg [mailto:greg.sayadian at corp.aol.com]
> Sent: Thu 9/18/2008 4:14 PM
> To: morrowc at ops-netman.net; Smith, Donald
> Cc: robt at cymru.com; nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] Crafted bgp update msg may cause slave 
> re to crashJunOS.
> 
> 
> 
> Does md5 hashing save you?
> ------Original Message------
> From: Chris Morrow
> To: Smith, Donald
> Cc: Rob Thomas
> Cc: nsp-security at puck.nether.net
> Sent: Sep 18, 2008 5:17 PM
> Subject: Re: [nsp-sec] Crafted bgp update msg may cause slave 
> re to crashJunOS.
> 
> ----------- nsp-security Confidential --------
> 
> maybe paul can shed some light? or barry?? I've seen a few RE 
> crashes on
> our side that ended up looking like some wierd routing update thing :(
> 
> -Chris
> 
> On Thu, 18 Sep 2008, Smith, Donald wrote:
> 
> > ----------- nsp-security Confidential --------
> >
> > I have not tried to recreate this in the lab.
> > Because I don't have any detailed information.
> >
> > donald.smith at qwest.com giac
> >
> > ________________________________
> >
> > From: Rob Thomas [mailto:robt at cymru.com]
> > Sent: Thu 9/18/2008 2:59 PM
> > To: Smith, Donald
> > Cc: nsp-security at puck.nether.net
> > Subject: Re: [nsp-sec] Crafted bgp update msg may cause 
> slave re to crashJunOS.
> >
> >
> >
> > Are there any specific packet characteristics (number of 
> octets, flags,
> > something) on which flow queries could be based?  :)
> >
> >
> > Smith, Donald wrote:
> >> ----------- nsp-security Confidential --------
> >>
> >> Most of you should have already seen this.
> >>
> >> Subject: New Juniper Technical Bulletin - PSN-2008-09-005
> >>
> >> The Juniper Networks Technical Assistance Center (JTAC) 
> announces the
> >> following Technical Bulletin that is available on our 
> Customer Support
> >> Center website.
> >>
> >> You will need a valid login ID on www.juniper.net in order 
> to view the
> >> full description.
> >>
> >> Technical Bulletin Subject: Crafted BGP UPDATE messages 
> can cause slave
> >> Routing Engines to crash
> >>
> >> Detailed information can be found at the following URL 
> (login required):
> >> 
> http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN
> -2008-09-0
> >> 05&actionBtn=Search
> >>
> >> If you do not have a valid login ID, you can submit your 
> application at
> >> the following URL:
> >> http://www.juniper.net/registration/register.jsp
> >>
> >> NOTE: A Technical Bulletin is a formal notice regarding 
> critical and/or
> >> potentially service-affecting hardware and software 
> product issues. The
> >> Technical Bulletin process allows the proactive communication of
> >> pertinent information to both customers and partners.
> >>
> >> For further information, please contact the Juniper 
> Technical Assistance
> >> Center(JTAC) by e-mail at support at juniper.net, or by phone:
> >>
> >> (888) 314-JTAC (within the US)
> >> +1 408-745-2121 (outside the US)
> >>
> >>
> >>
> >> H8Hz
> >> Donald.Smith at qwest.com giac
> >>
> >>
> >> This communication is the property of Qwest and may 
> contain confidential or
> >> privileged information. Unauthorized use of this 
> communication is strictly
> >> prohibited and may be unlawful.  If you have received this 
> communication
> >> in error, please immediately notify the sender by reply 
> e-mail and destroy
> >> all copies of the communication and any attachments.
> >>
> >>
> >> _______________________________________________
> >> nsp-security mailing list
> >> nsp-security at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/nsp-security
> >>
> >> Please do not Forward, CC, or BCC this E-mail outside of 
> the nsp-security
> >> community. Confidentiality is essential for effective 
> Internet security counter-measures.
> >> _______________________________________________
> >
> > --
> > Rob Thomas
> > Team Cymru
> > http://www.team-cymru.org/
> > cmn_err(CEO_PANIC, "Out of coffee!");
> >
> >
> >
> >
> >
> > _______________________________________________
> > nsp-security mailing list
> > nsp-security at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/nsp-security
> >
> > Please do not Forward, CC, or BCC this E-mail outside of 
> the nsp-security
> > community. Confidentiality is essential for effective 
> Internet security counter-measures.
> > _______________________________________________
> >
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the 
> nsp-security
> community. Confidentiality is essential for effective 
> Internet security counter-measures.
> _______________________________________________
> 
> 
> <><
> Greg Sayadian
> IT Security 
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the 
> nsp-security
> community. Confidentiality is essential for effective 
> Internet security counter-measures.
> _______________________________________________
>

More information about the nsp-security mailing list