[lacnog] Problema de seguridad en Junos e IPv6
Fernando Gont
fernando en gont.com.ar
Mie Ene 22 07:06:30 GMT+3 2020
On 16/1/20 16:10, Tomas Lynch wrote:
> https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10982&actp=METADATA
>
> Lo mejor es la solución que propone el fabricante:
>
> <quote>
> WORKAROUND:
>
> Remove 'family inet6' from interfaces. Otherwise, there are no available
> workarounds for this issue.
>
> </quote>
>
> Jordi, ¿y ahora? :p
"Most security vulnerabilities related to network protocols are based on
implementation flaws, such as the so called “buffer overflows” or the
failure to graciously process specially-crafted packets. Typically,
security researchers find vulnerabilities in protocol implementations,
which eventually are “patched” to mitigate such vulnerabilities. Over
time, this process of finding and patching vulnerabilities results in
more robust implementations. For obvious reasons, the IPv4 protocols
have benefited from the work of security researchers for much longer,
and thus IPv4 implementations are generally more robust than their IPv6
counterparts."
(Ref Sección 1.1 de
https://www.internetsociety.org/deploy360/ipv6/security/faq/)
Puesto de otra forma: la madurez de las implementaciones de IPv6 es
similar a la de la madurez de las implementaciones de IPv4 en los '90.
(https://www.youtube.com/watch?v=yfKZwlscr4o)
Saludos,
--
Fernando Gont
e-mail: fernando en gont.com.ar || fgont en si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Más información sobre la lista de distribución LACNOG