[lacnog] Problema de seguridad en Junos e IPv6

Fernando Gont fernando en gont.com.ar
Mie Ene 22 07:06:30 GMT+3 2020


On 16/1/20 16:10, Tomas Lynch wrote:
> https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10982&actp=METADATA
> 
> Lo mejor es la solución que propone el fabricante:
> 
> <quote>
> WORKAROUND:
> 
> Remove 'family inet6' from interfaces. Otherwise, there are no available 
> workarounds for this issue.
> 
> </quote>
> 
> Jordi, ¿y ahora? :p

"Most security vulnerabilities related to network protocols are based on 
implementation flaws, such as the so called “buffer overflows” or the 
failure to graciously process specially-crafted packets. Typically, 
security researchers find vulnerabilities in protocol implementations, 
which eventually are “patched” to mitigate such vulnerabilities. Over 
time, this process of finding and patching vulnerabilities results in 
more robust implementations. For obvious reasons, the IPv4 protocols 
have benefited from the work of security researchers for much longer, 
and thus IPv4 implementations are generally more robust than their IPv6 
counterparts."

(Ref Sección 1.1 de 
https://www.internetsociety.org/deploy360/ipv6/security/faq/)

Puesto de otra forma: la madurez de las implementaciones de IPv6 es 
similar a la de la madurez de las implementaciones de IPv4 en los '90.

(https://www.youtube.com/watch?v=yfKZwlscr4o)

Saludos,
-- 
Fernando Gont
e-mail: fernando en gont.com.ar || fgont en si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1





Más información sobre la lista de distribución LACNOG