Easily spoofed traffic can crash routers, Juniper warns

JMH

Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic.
In an advisory sent Wednesday afternoon, the networking company said a variety of devices could be forced to reboot by sending them internet packets with maliciously formed TCP options. The flaw affects versions 3 through 10 of Junos, the operating system that powers devices at ISPs, backbones, and other large networks. Software releases built on or after January 28, 2009 have already fixed the issue.

More -
Easily spoofed traffic can crash routers, Juniper warns • The Register
 

"Because of Juniper's 'Entitled Disclosure Policy,' only our customers and partners are allowed access to the details of the Security Advisory," the spokeswoman wrote.

Microsoft tried to keep details of advisories secret years ago and it did no one any good whatsoever, and the question I heard Microsoft consistently asked is: how many years has it been there and exploited? Juniper are not the only technically competent people using the internet and their hardware, and so should grow up :sarc:
 
There are a couple disturbing issues here.

1. Software releases built on or after January 28, 2009 have already fixed the issue. So the fix has been out there for a year - if this is still a problem, then the ISP is at fault for not upgrading their software, not Juniper. Now granted, updating software on major network/ISP routers is a big ordeal, but a year is long enough to schedule the outage and do the upgrade.

2. I don't think the Microsoft comparison is a fair comparison. First, the goal of keeping these vulnerabilities secret is to minimize the information getting to all the wannabe hackers out there until a fix could be developed and pushed out. The problem with MS in the past was XP. XP was designed (at user request) to support [unsafe] legacy (DOS Era) and expensive hardware and software. Security was not that big a deal for home users when XP was created. High speed access to the home was almost non-existent. The problem with MS was their PR people trying to spin the story when it broke when they should have just been straight with the public. The "cover-up" is almost always worse than the actual crime.

In this case with Juniper, it says,
"only our customers and partners are allowed access to the details of the Security Advisory"
I see nothing wrong with that - AS LONG AS that information is readily available to those affected. Customers should be notified, and not find out by reading a press bulletin.
 
