On 26/03/18 17:31, Chris Adams wrote:
> Got an MX204 - all the things left running on the Wind River Linux VM
> host are pretty embarrassing (even if there's no actual network access
> and so not a security issue). I have no need on a router for RPC, BIND,
> Gluster, NFS, Zeroconf, Postfix, or dns
Once upon a time, Chris Cappuccio said:
> Olivier Benghozi [olivier.bengh...@wifirst.fr] wrote:
> > So it most probably comes with "upgraded Junos with FreeBSD 10", that is
> > 15.1+ on MX with intel CPUs.
> >
> > There's something fun described on PR1167786 about similar behaviour: "Due
> > to
Olivier Benghozi [olivier.bengh...@wifirst.fr] wrote:
> So it most probably comes with "upgraded Junos with FreeBSD 10", that is
> 15.1+ on MX with intel CPUs.
>
> There's something fun described on PR1167786 about similar behaviour: "Due to
> Junos Release 15.1 enabling process rpcbind in FreeB
So it most probably comes with "upgraded Junos with FreeBSD 10", that is 15.1+
on MX with intel CPUs.
There's something fun described on PR1167786 about similar behaviour: "Due to
Junos Release 15.1 enabling process rpcbind in FreeBSD by default, port 646
might be grabbed by rpcbind on startup,
On 17 Mar 2018, at 2:33, Aaron Gould wrote:
> I see udp/tcp listening on 111 on MX960, but not on MX104 nor on ACX5048...
This definitely should be reported to JSIRT.
---
Roland Dobbins
___
juniper-nsp mailing list juni
I see udp/tcp listening on 111 on MX960, but not on MX104 nor on ACX5048...
-Aaron
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-rpc-alg.html
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.
Hey Pierre,
Yep Agreed -- this goes back to Saku Ytti's et al's discussion ([j-nsp] DDoS to
core interface - mitigation) a few weeks back re: IP block used just for
infrastructure...and either filter it, rate-limit it, or simply don't announce
it. Sage advice. Note that this was a lab-box on my
2018-03-16 3:06 GMT+01:00 Roland Dobbins:
>
> On 16 Mar 2018, at 8:59, Chris Kawchuk wrote:
>
>> Just a heads up; I'm probably not the first person to see this--
>
>
> This is rpcbind/portmapper, FYI, which is often abused for
> reflection/amplification attacks.
>
> I'm assuming vMX is a virtual M
Yeah, not on the hypervisor. I'm SR-IOV'ing that interface via an Intel
82599-based 10G port into vMX in RIOT-PERF mode.
The hypervisor can't see the NIC interface at that point (due to
PCIe-passthrough).
Anyways - as mentioned, I'll re-write my lo0.0 for
"accept-useful-stuff-and-deny-all-else"
On 16 Mar 2018, at 8:59, Chris Kawchuk wrote:
Just a heads up; I'm probably not the first person to see this--
This is rpcbind/portmapper, FYI, which is often abused for
reflection/amplification attacks.
I'm assuming vMX is a virtual MX - if so, are you sure the issue isn't
on the hypervi
Just noticed this today:
chr...@vmx1.mel-lab1> monitor traffic interface xe-0/0/0 no-resolve size 1500 matching "not port 22"
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on ge-0/0/0, capture size 1500 bytes
01:50:20.710920 In IP 207.174.181
11 matches