By sending a custom-built transmission control protocol (TCP) packet to a listening port on a Juniper
Routing Engine, an attacker can make the kernel of Junos
crash and case routers to switch over or reboot, according to technicians at Juniper Networks.
The flaw in Juniper’s router operating system, which affects older versions of the Juno software released before January 17, was uncovered during an internal routing product testing.
In a statement today, Juniper said it has not heard that the vulnerability is being exploited and that fixes to the flaw for affected platforms are available.
The company also advised administrators to implement source address anti-spoofing to prevent transmissions from bogus from reaching devices.
6 nasty Internet routing attacks
Application-targeted DDoS attacks increasing
Unicast reverse path forwarding can be done to reduce the risks of attacks. This method involves checking if the IP address in a packet is reachable. If the address could not be reached, the packet is dropped.
Other security measures include using RFC 3682 time-to-live security as well as implementing access lists or firewall filters for routers.
Read the whole story here