Sign in / up

back to article Easily spoofed traffic can crash routers, Juniper warns

Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic. In an advisory sent Wednesday afternoon, the networking company said a variety of devices could be forced to reboot by sending them internet packets …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. Anonymous Coward
    FAIL

    FAIL

    This appears to demonstrate a serious omission of very basic levels of testing.

    0 0
    1. Nexox Enigma
      Reply Icon

      No kidding...

      Seems like with the history of malformed headers destroying network devices, their QA process would include some basic testing along those lines. It'd be pretty simple to test all combination of options in the headers for every protocol the device can parse, and header fuzzing isn't exactly complicated either... Makes you wonder what they're doing over there.

      0 0
  2. Matt Ryan
    Thumb Down

    Serious bug...

    Oh dear, the Juniper fanbois are only slightly less manic than Apple one's - I'm sure an IOS vs JunOS security/stability debate would not get excitable readers posting gumph.

    0 0
  3. Anonymous Coward
    Thumb Up

    one man's loss is another man's gain

    haha, this article saved my ass. I'm working from home today and had problems access our juniper network...kept trying to explain to the boss that there is a problem....and the IT people are saying.."no, everything is ok"...so I was like..."in your face IT people....hear it from the horse's mouth ;)"

    doesn't this remind of the say "one man's loss is another man's gain" ;)

    0 0
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      well ...

      Unless your juniper routers were rebooting all day today (which should be pretty easy to check) this is pretty much irrelevant to your efforts to connect from home ...

      0 0
  4. @JuniperPhilly

    it's probably not as bad as you might think

    All Junos software releases built on or after January 28, 2009 have fixed this specific issue.

    In short, we fixed this particular problem about 350 days ago.

    Given that regular (non-Extended End of Life) Junos releases have a 9 month shelf life there's a really good chance that your Junos devices were already running a release that does not have this specific issue before you learned of the issue.

    If you're still running a version of Junos that's older than January 27, 2009, you should plan your upgrade properly and begin upgrading your devices in a methodical way.

    If you need some more information, please reach out to your Juniper account team and your Juniper reseller.

    There's also a lot of great information on Junos Central. http://www.juniper.net/junos/

    Disclaimer: I work for Juniper as a Systems Engineer.

    0 0
  5. Prefect
    Badgers

    Not a big deal?

    I guess that's why Quest had an unannounced outage, because it wasn't a big deal :)

    "We just had a qwest outage of about 2 mins at 1:41am pst. When I called to report it I was told it was a 200+ emergency software upgrade due to a security concern, and that we will get a notice later after the fact. Normally we get notices in advance, even for software upgrades due to security or other important issues, so I am curious if other qwest customers had the same experience and wether this is how it's going to be from here on in? The affected platform was juniper and I'd love to know the specfic case being addressed here." - Mike

    Source: http://thread.gmane.org/gmane.org.operators.nanog/71244

    0 0
  6. Prefect

    Not so bad eh?

    "In short, we fixed this particular problem about 350 days ago."

    Well, sort of. The criticality of the defect was certainly reclassified, so the fix made a while back actually seems divorced from the discovery that this problem leads to a kernel crash based on a remote exploit. The Juniper advisory itself reads this way, suggesting that the fix was made without knowing that it was a fix for a remote exploit. This is not that uncommon, problems are fixed for one reason, without ever knowing there was an even better reason for correcting it.

    But routers, especially high capacity ones, are only patched for serious reasons. So a defect identified but not reported in the same way back in January 2009 does not carry the affect of releasing a bulletin labeled critical yesterday. The second makes people maintaining those routers move, as the example below shows.

    Qwest, like other backbone providers, doesn’t have unannounced outages for unspecified security concerns over “not as bad as you might think” issues:

    http://praetorianprefect.com/archives/2010/01/junos-juniper-kernel-crash-video/

    0 0
This topic is closed for new posts.