WatchGuard Wire
Improve Your Security IQ
JUNOS DoS vulnerability can crash unpatched Juniper routers
8 January 2010 -- If you have a Juniper router, you want to make double sure you've updated it since last January. According to a post on the Praetorian Prefect security blog, Juniper recently sent a security alert warning their customers about a critical DoS vulnerability that affects all versions of JUNOS (the operating system that runs on their routers). Unfortunately, Juniper enforces something they call their "Entitled Disclosure Policy," which means they only share their security alerts with their customers -- so I can't link you to Juniper's alert.
However, the Praetorian Prefect blog does describe this JUNOS flaw in some technical detail. In a nutshell, by sending a packet with a specially malformed TCP option to a Juniper router, an attacker can crash and reboot your router. Furthermore, the attacker could repeatedly exploit this flaw to essentially knock your core router offline, preventing your whole network from reaching the Internet.
This Denial of Service (DoS) attack does require the vulnerable Juniper router to be listening on some port. However, most routers must listen on certain ports to do their jobs (for instance, core routers must listen for BGP traffic to know how to route things on the Internet). On top of that, the JUNOS firewall filter does not prevent this attack.
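The post describes the trigger as a "specially malformed TCP option" but does not say which malformation is involved. As an added example that is not from the post, from Praetorian Prefect, or from Juniper, the following Python validator applies the TCP option-encoding rules from RFC 793: kinds 0 (End of Option List) and 1 (No-Operation) are single bytes, and every other option carries a length byte that must be at least 2 and must not run past the end of the option space. This is the class of check an intrusion-detection sensor or a hardened TCP stack applies before trusting the options field; the sample option strings and the sample header are constructed for this example and make no claim about the actual JUNOS-crashing packet.

```python
"""Defensive TCP options validator (added example, not from the post).

Applies the RFC 793 option-encoding rules and reports each violation
found. Which malformation crashes unpatched JUNOS is not stated in the
post, so nothing here reproduces that packet.
"""

# Option kinds from RFC 793 / RFC 7323, used for labelling only.
KIND_EOL = 0
KIND_NOP = 1
KIND_NAMES = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WScale",
              4: "SACKok", 5: "SACK", 8: "Timestamp"}


def parse_tcp_options(opts: bytes):
    """Return (options, errors).

    options: list of (kind, payload) tuples for well-formed options.
    errors:  list of strings, one per rule violation found.
    Parsing stops at the first violation or at End of Option List.
    """
    options, errors = [], []
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == KIND_EOL:
            options.append((kind, b""))
            break
        if kind == KIND_NOP:
            options.append((kind, b""))
            i += 1
            continue
        # Every other option is TLV: kind, total length (incl. 2 header bytes), data.
        if i + 1 >= len(opts):
            errors.append(f"offset {i}: kind {kind} has no length byte")
            break
        length = opts[i + 1]
        if length < 2:
            # A length of 0 or 1 would make a naive parser loop forever or
            # step backwards, a classic crash trigger in option handling.
            errors.append(f"offset {i}: kind {kind} length {length} < 2")
            break
        if i + length > len(opts):
            errors.append(f"offset {i}: kind {kind} length {length} "
                          f"overruns option space of {len(opts)} bytes")
            break
        options.append((kind, opts[i + 2:i + length]))
        i += length
    return options, errors


def tcp_header_options(header: bytes) -> bytes:
    """Slice the options field out of a raw TCP header via Data Offset."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    data_offset = (header[12] >> 4) * 4          # header length in bytes
    if data_offset < 20 or data_offset > len(header):
        raise ValueError(f"bad data offset {data_offset}")
    return header[20:data_offset]


def describe(opts: bytes) -> str:
    """Human-readable summary: option names, or the first violation."""
    options, errors = parse_tcp_options(opts)
    if errors:
        return "MALFORMED: " + errors[0]
    return "ok: " + " ".join(KIND_NAMES.get(k, f"kind{k}") for k, _ in options)


# Constructed samples (not captured traffic):
# MSS 1460, SACK-permitted, Timestamp (zeroed), NOP, Window Scale 7
GOOD_OPTIONS = (b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + b"\x00" * 8
                + b"\x01" + b"\x03\x03\x07")
BAD_ZERO_LENGTH = b"\x02\x00\x05\xb4"   # MSS option claiming length 0
BAD_OVERRUN = b"\x02\x10\x05\xb4"       # MSS option claiming 16 bytes, only 4 present
# 24-byte TCP header: data offset 6 (0x60 in byte 12), then a 4-byte MSS option
SAMPLE_HEADER = b"\x00" * 12 + b"\x60" + b"\x00" * 7 + b"\x02\x04\x05\xb4"

if __name__ == "__main__":
    for name, sample in [("good", GOOD_OPTIONS),
                         ("zero length", BAD_ZERO_LENGTH),
                         ("overrun", BAD_OVERRUN)]:
        print(f"{name:12s} {describe(sample)}")
    print("from header ", describe(tcp_header_options(SAMPLE_HEADER)))
```

The parser stops at the first violation rather than trying to resynchronise, which is the safe choice for a validator: once a length byte is wrong, every later offset is untrustworthy. A sensor built on this would alert on any non-empty `errors` list regardless of which option kind was involved.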
Many big ISPs and businesses use Juniper routers. Any attack that allows hackers to crash them on a whim poses a very big security threat. However, there is good news. Apparently, Juniper fixed this flaw way back on January 28th, 2009. At the time, Juniper apparently didn't consider this flaw a security issue. However, they've since realized its security significance, and thus released this new advisory.
If you've updated your JUNOS software within the past year, it sounds like you don't have to worry about this vulnerability. However, many administrators consider routers "fire-and-forget" devices; once installed, routers may not get upgraded as often as other devices. If you own a Juniper router, search Juniper's site for PSN-2010-01-623, and read its solution section to make sure you have the corrected version of JUNOS. -- Corey Nachreiner, CISSP
As an aside, the folks at the Praetorian Prefect blog have created a video showing this attack in action. If you are interested in seeing how easily an attacker can crash an unpatched Juniper router, check this out.
Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.