Menu
Juniper routers open to attack

Juniper routers open to attack

A flaw has cropped up in Juniper's router operating system that can cause the systems to crash and reboot.

Juniper discovered a potential TCP vulnerability that affects certain releases of Junos software during "routine internal product testing," the company said. A Juniper spokesperson would not make an advisory on it available to Network World for publication.

[ HISTORY LESSON: Security flaws occupy router vendors, ISPs ]

But a report in Australia's iTnews.com states that by sending a specially crafted transmission control protocol (TCP) packet to a listening port on a Juniper Routing Engine, an exploiter can make the kernel in Junos crash, and cause routers to switch over or reboot.

Versions of Junos older than those released on Jan. 17 are affected, according to iTnews, with newer ones containing a fix for the problem. The site, which apparently has access to the Juniper advisory, also states that the Juniper advisory recommends using access lists or firewall filters for the routers, deployed on both the edge and control plane.

The Juniper advisory also suggests implementing source address anti-spoofing to prevent traffic from bogus addresses reaching the devices, according to iTnews. The site also say unicast reverse path forwarding -- which checks if the IP address in a packet is reachable and if not, drops it -- can also be used to mitigate against the attack, together with RFC 3682 time-to-live security.

The Juniper spokesperson said the company is not aware of any malicious exploitation of the vulnerability.

"We are encouraging our customers to contact Juniper's Customer Support Center for a detailed advisory and solution implementation," the spokesperson stated in an email. "As a networking and security leader, we work closely with our customers to protect and defend their networks, and are committed to the responsible disclosure of security vulnerabilities."

Jim Duffy has been covering technology for over 25 years, 21 at Network World. He also writes The Cisco Connection blog and can be reached on Twitter @Jim_Duffy.

Read more about lan and wan in Network World's LAN & WAN section.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Networkingrouterroutersjunipernetworking hardwareJunossecurity vulnerabilityLAN & WANrouter crashes

More about CiscoJuniper NetworksLAN

Show Comments
[]