Agree as well. Bad assumption on my part that Level3 would be doing the items listed in the workaround already.

On Tue, Feb 5, 2013 at 11:41 AM, Jonathan Lassoff <j...@thejof.com> wrote:

> On Tue, Feb 5, 2013 at 9:33 AM, Jason Biel <ja...@biel-tech.com> wrote:
> > Workaround is proper filtering and other techniques on the RE/Loopback to
> > prevent the issue from happening.
>
> Agreed. However, if it only takes one packet, what if an attacker
> sources the traffic from your management address space?
>
> Guarding against this requires either a separate VRF/table for
> management traffic or transit traffic, RPF checking, or TTL security.
> If these weren't set up ahead of time, maybe it would be easier to
> upgrade than lab, test, and deploy a new configuration.
>
> This is all speculation about Level3 on my part; I don't know their
> network from an internal perspective.
>
> --j
>
> > Should an upgrade be performed? Yes, but certainly doesn't have to happen
> > right away or without notice to customers.
> >
> > On Tue, Feb 5, 2013 at 11:23 AM, Jonathan Lassoff <j...@thejof.com> wrote:
> >
> >> My hunch is that this is fallout and repairs from Juniper PR839412.
> >> Only fix is an upgrade. Not sure why they're not able to do a hitless
> >> upgrade though; that's unfortunate.
> >>
> >> Specially-crafted TCP packets that can get past RE/loopback filters
> >> can crash the box.
> >>
> >> --j
> >>
> >> On Tue, Feb 5, 2013 at 7:39 AM, Josh Reynolds <ess...@gmail.com> wrote:
> >> > I know a lot of you are out of the office right now, but does anybody have
> >> > any info on what happened with L3 this morning? They went into a 5 hour
> >> > maintenance window with expected downtime of about 30 minutes while they
> >> > upgraded something like *40* of their "core routers" (their words), but
> >> > also did this during some fiber work and completely cut off several of
> >> > their east coast peers for the entirety of the 5 hour window.
> >> >
> >> > If anybody has any more info on this, or a NOC contact for them on the East
> >> > Coast for future issues, you can hit me up off-list if you don't feel
> >> > comfortable replying with that info here.
> >> >
> >> > Thanks, and I hope you guys are enjoying Orlando.
> >> >
> >> > --
> >> > *Josh Reynolds*
> >> > ess...@gmail.com - (270) 302-3552
> >
> > --
> > Jason

--
Jason