Feeds

Easily spoofed traffic can crash routers, Juniper warns

Ashes, ashes all fall down

Website security in corporate America

Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic.

In an advisory sent Wednesday afternoon, the networking company said a variety of devices could be forced to reboot by sending them internet packets with maliciously formed TCP options. The flaw affects versions 3 through 10 of Junos, the operating system that powers devices at ISPs, backbones, and other large networks. Software releases built on or after January 28, 2009 have already fixed the issue.

"The Junos kernel will crash (i.e. core) when a specifically crafted TCP option is received on a listening TCP port," the bulletin, which was issued by Juniper's technical assistance center, stated. "The packet cannot be filtered with Junos's firewall filter. A router receiving this specific TCP packet will crash and reboot."

There are "no totally effective workarounds," the bulletin added.

It's unclear how many Juniper systems remain vulnerable or exactly when customers began installing patches. But the wording of the bulletin was enough to make some security watchers pay close heed, particularly since the Junos ACL, or access control list, was powerless to prevent the attacks.

"Anything that can crash the internet is a big deal," said Daniel Kennedy, a researcher with Praetorian Security Group. "Essentially, you can send a packet to a router and the ACL in that router can't stop this, so you can basically start bouncing routers just by sending it a crafted options field in a TCP request."

A Juniper spokeswoman said the bulletin was one of seven security advisories the company issued under a policy designed to prevent members of the public at large from getting details of the vulnerabilities.

"Because of Juniper's 'Entitled Disclosure Policy,' only our customers and partners are allowed access to the details of the Security Advisory," the spokeswoman wrote.

While the only effective solution is to patch, the bulletin said the risk could be minimized but limiting TCP packets destined for Junos devices. Specifically, customers should employ anti-spoofing" techniques described here. If those techniques aren't feasible for all traffic "focus on anti-spoofing for the IP addresses used for the control plane, management plane, and link addresses," the advisory stated.

More from the Praetorian Prefect blog is here. ®

This story was updated to include comment from Juniper.

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.