Re: [j-nsp] [c-nsp] Meltdown and Spectre

2018-01-06 Thread Tomasz Mikołajek
Hello.
Info from Juniper:
https://forums.juniper.net/t5/Security-Now/Meltdown-amp-Spectre-Modern-CPU-vulnerabilities/ba-p/317254#

On Sat, 6 Jan 2018 at 19:51, Sebastian Becker wrote:

> Same here. Users that have access are implicitly trusted. So no need for
> panic.
>
> —
> Sebastian Becker
> s...@lab.dtag.de
>
> > On 06.01.2018 at 12:58, Gert Doering wrote:
> >
> > Hi,
> >
> > On Sat, Jan 06, 2018 at 12:04:22PM +0100, james list wrote:
> >> For the CVEs related to Meltdown and Spectre, I'm wondering what you are
> >> doing or going to do on your networking gear?
> >
> > "Nothing"...
> >
> > My networking gear does not execute external code (like, JavaScript),
> > so the question "will untrusted external code be able to read secrets
> > it should not see" is not overly relevant.
> >
> >
> > Now, for those newfangled stuff where vendors think that you MUST HAVE
> > VIRTUALIZATION! on the control plane, so YOU CAN RUN STUFF THERE!!! -
> > we do not have any of those (yet), but if we had, we'd ask them for
> > hypervisor patches...
> >
> > gert
> >
> >
> > --
> > now what should I write here...
> >
> > Gert Doering - Munich, Germany g...@greenie.muc.de
> > ___
> > juniper-nsp mailing list juniper-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>

Re: [j-nsp] [c-nsp] Meltdown and Spectre

2018-01-06 Thread Sebastian Becker
Same here. Users that have access are implicitly trusted. So no need for panic.

—
Sebastian Becker
s...@lab.dtag.de

> On 06.01.2018 at 12:58, Gert Doering wrote:
> 
> Hi,
> 
> On Sat, Jan 06, 2018 at 12:04:22PM +0100, james list wrote:
>> For the CVEs related to Meltdown and Spectre, I'm wondering what you are
>> doing or going to do on your networking gear?
> 
> "Nothing"...
> 
> My networking gear does not execute external code (like, JavaScript),
> so the question "will untrusted external code be able to read secrets
> it should not see" is not overly relevant.
> 
> 
> Now, for those newfangled stuff where vendors think that you MUST HAVE
> VIRTUALIZATION! on the control plane, so YOU CAN RUN STUFF THERE!!! -
> we do not have any of those (yet), but if we had, we'd ask them for
> hypervisor patches...
> 
> gert
> 
> 
> --
> now what should I write here...
> 
> Gert Doering - Munich, Germany g...@greenie.muc.de

Re: [j-nsp] [c-nsp] Meltdown and Spectre

2018-01-06 Thread Gert Doering
Hi,

On Sat, Jan 06, 2018 at 12:04:22PM +0100, james list wrote:
> For the CVEs related to Meltdown and Spectre, I'm wondering what you are
> doing or going to do on your networking gear?

"Nothing"...

My networking gear does not execute external code (like, JavaScript),
so the question "will untrusted external code be able to read secrets
it should not see" is not overly relevant.


Now, for those newfangled stuff where vendors think that you MUST HAVE
VIRTUALIZATION! on the control plane, so YOU CAN RUN STUFF THERE!!! - 
we do not have any of those (yet), but if we had, we'd ask them for
hypervisor patches...

gert


-- 
now what should I write here...

Gert Doering - Munich, Germany g...@greenie.muc.de



[j-nsp] Juniper MX w/ macSEC

2018-01-06 Thread Alex Martino via juniper-nsp
Hello,

Does anybody have experience of using macSEC on Juniper MX240 with 
RE-S-1800x4-32G and 10G linecards? Is there a big performance/latency hit to be 
expected when pushing 10-20G?

With thanks,
Alex



Re: [j-nsp] Meltdown and Spectre

2018-01-06 Thread Daniel Suchy
Hello,
Cisco has an official advisory for that...

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel

https://kb.juniper.net/InfoCenter/index?page=content=JSA10842=SIRT_1=LIST

In general, if you have a properly protected control plane on your device
(see RFC 6192 for recommendations), there's no reason for panic. You must
wait for the vendor's updates... and it's a complex issue, there's no simple
fix (current fixes available in Linux, for example, aren't covering all
CVEs yet).

With regards,
Daniel


On 01/06/2018 12:04 PM, james list wrote:
> Dear all,
> For the CVEs related to Meltdown and Spectre, I'm wondering what you are
> doing or going to do on your networking gear?
> 
> I'm struggling to understand something from vendors but I'd like to hear
> from people in the pitch.
> 
> Cheers
> James


[j-nsp] Meltdown and Spectre

2018-01-06 Thread james list
Dear all,
For the CVEs related to Meltdown and Spectre, I'm wondering what you are
doing or going to do on your networking gear?

I'm struggling to understand something from vendors but I'd like to hear
from people in the pitch.

Cheers
James