Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Easily spoofed traffic can crash routers, Juniper warns

07 Jan 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Easily spoofed traffic can crash routers, Juniper warns

Quote:
Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic.
In an advisory sent Wednesday afternoon, the networking company said a variety of devices could be forced to reboot by sending them internet packets with maliciously formed TCP options. The flaw affects versions 3 through 10 of Junos, the operating system that powers devices at ISPs, backbones, and other large networks. Software releases built on or after January 28, 2009 have already fixed the issue.
More -
Easily spoofed traffic can crash routers, Juniper warns ? The Register


My System SpecsSystem Spec
.

07 Jan 2010   #2
dmex

 

"Because of Juniper's 'Entitled Disclosure Policy,' only our customers and partners are allowed access to the details of the Security Advisory," the spokeswoman wrote.

Microsoft tried to keep details of advisories secret years ago and it did no one any good whatsoever and the question I heard Microsoft consistently asked is How many years has it been there and exploited? Juniper is not the only technically competent people using the internet and their hardware and so should grow up
My System SpecsSystem Spec
08 Jan 2010   #3
Digerati

Windows 7 Profession 64-bit
 
 

There are a couple disturbing issues here.

1. Software releases built on or after January 28, 2009 have already fixed the issue. So the fix has been out there for a year - if this is still a problem, then the ISP is at fault for not upgrading their software, not Juniper. Now granted, updating software on major network/ISP routers is a big ordeal, but a year is long enough to schedule the outage and do the upgrade.

2. I don't think the Microsoft comparison is a fair comparison. First, the goal of keeping these vulnerabilities secret is to minimize the information getting to all the wannabe hackers out there until a fix could be developed and pushed out. The problem with MS in the past was XP. XP was designed (at user request) to support [unsafe] legacy (DOS Era) and expensive hardware and software. Security was not that big a deal for home users when XP was created. High speed access to the home was almost non-existent. The problem with MS was their PR people trying to spin the story when it broke when they should have just been straight with the public. The "cover-up" is almost always worse than the actual crime.

In this case with Juniper, it says,
Quote:
only our customers and partners are allowed access to the details of the Security Advisory
I see nothing wrong with that - AS LONG AS that information is readily available to those affected. Customers should notified, and not find out by reading a press bulletin.
My System SpecsSystem Spec
.


Reply

 Easily spoofed traffic can crash routers, Juniper warns




Thread Tools





Similar help and support threads
Thread Forum
Spoofed calls - Is it what I recived?
I received a call from a number that had nothing to do with the original source of the call so, I'm guessing this was a spoofed call...if that is the correct term? I made the mistake of challenging the caller and not simply hanging up...it got nasty. He finally hung up and then, to annoy me, he...
General Discussion
Spoofed email
Hi All, I received an email from my cousin that she never sent to me. Looking at the body of the letter it was apparent that her name was altered and her email address in "<xxxxxxxxxx>" was incorrect. The hyperlink was also suspicious. Of course I did not click on it and called her to verify...
Browsers & Mail
Hackers easily hijack Windows crash reports, report says
Source A Guy
Security News
Researcher warns about critical flaw in D-Link routers
Source A Guy
Security News
FileVault 2 easily decrypted, warns Passware
Source A Guy
Security News
IPSec VPN with a Juniper Netscreen
Dear forum users, can anyone explain me how to setup a IPSec VPN with a Juniper Netscreen? I've tried to update Nescreen Remote software but it does not seem to work. Best regards Alessandro
Network & Sharing

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 03:30.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App