On 25 November 2016 at 09:45, Phil Shafer <[email protected]> wrote:
Hey,
>>Someone is brute-forcing your router password, and that is very common
>>nowadays. A good loopback filter would prevent this.
>
> Amen to this and all your other points, esp re: avoiding telnet in
> favor of ssh.
Agreed, SSH all the way, but you should still allow connection
attempts only from trusted sources. Who knows what kind of 0day issues
remain which don't require successful auth, only an established TCP
connection.
One funny example, likely with no security implications, but it demonstrates
how wide the vectors may be just by accepting TCP:
# the username carries a raw 0x1d (group separator) byte and is sent before any auth succeeds
ruby -rnet/ssh -e 'Net::SSH.start(ARGV[0],"foo\x1dbar",{password:"",number_of_password_prompts:0})' SOME_JUNOS_ROUTER
Review 'show log messages' after.
--
++ytti
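A loopback filter of the kind both posters recommend, written as an added example rather than anything from ytti's message or from Juniper's documentation. The filter name PROTECT-RE, the prefix-list name MGMT-HOSTS and the management prefix 192.0.2.0/24 are placeholders; it only lets that prefix reach SSH (and telnet, should it still be enabled) on the routing engine, and logs and discards everyone else's attempts, so the one-liner above run from an untrusted host never gets its TCP session:

```junos
/* Added example, not from the original message: PROTECT-RE, MGMT-HOSTS and 192.0.2.0/24 are placeholders */
policy-options {
    prefix-list MGMT-HOSTS {
        192.0.2.0/24;
    }
}
firewall {
    family inet {
        filter PROTECT-RE {
            /* only the management prefix may open TCP to ssh/telnet on the RE */
            term mgmt-ssh {
                from {
                    source-prefix-list {
                        MGMT-HOSTS;
                    }
                    protocol tcp;
                    destination-port [ ssh telnet ];
                }
                then accept;
            }
            /* everyone else: log the attempt and drop the SYN, no banner, no auth exchange */
            term drop-other-ssh {
                from {
                    protocol tcp;
                    destination-port [ ssh telnet ];
                }
                then {
                    syslog;
                    discard;
                }
            }
            /* placeholder to keep this fragment scoped to SSH; a real RE filter enumerates what it needs (BGP, OSPF, NTP, ...) and ends with discard */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-RE;
                }
            }
        }
    }
}
system {
    services {
        ssh {
            protocol-version v2;
        }
    }
}
```

Load it with `load merge terminal` and commit with `commit confirmed` so a mistake in MGMT-HOSTS cannot lock you out of the box; then `delete system services telnet` separately, since the brace format above cannot express a deletion. Verify from a host outside the prefix that `ssh` now times out instead of returning a banner, and that `show log messages` shows the drop-other-ssh syslog entry rather than the bogus-username login failure. IPv6 management traffic needs an equivalent `family inet6` filter on the same unit; this filter does nothing for it.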
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp