JUNOS (Juniper) Flaw Exposes Core Routers to Kernel Crash

A report has been received from Juniper at 4:25pm under bulletin PSN-2010-01-623 that a crafted malformed TCP field option in the TCP header of a packet will cause the JUNOS kernel to core (crash). In other words, the kernel on the network device (gateway router) will crash and reboot if a packet containing this crafted option is received on a listening TCP port. The JUNOS firewall filter is unable to filter a TCP packet with this issue. Juniper claims that this issue was identified as an exploit during the investigation of a vendor interoperability issue.


JUNOS (Juniper) Kernel Crash Video

We have noted some interesting responses since our post yesterday detailing the information in Juniper bulletin PSN-2010-01-623 and our thoughts on its somewhat understated effect. Since our post yesterday, the bulletin has been updated, becoming more specific about the versions affected (basically excluding JUNOS version 10.x and versions no longer supported by Juniper).


OSSEC: Agentless... it's good, but not good enough.

In working with OSSEC agentless for some time now, I have come across some limitations in the implementation that I felt needed to be addressed. As OSSEC agentless is designed to perform syscheck functions on remote hosts, more general features are hard (if not impossible) to write into a script.



OSSEC: Agentless to save the day

OSSEC is a Host Intrusion Detection System (HIDS) in name, but in reality it is far more. It's able to look for rootkits, monitor logs (LIDS), and even actively respond to defined events. While all these features are great, the unsung hero is agentless monitoring.


Breaking Twitter (Authentication)

Yesterday we spent some time speculating on how phishing attacks like the one afflicting Twitter on Wednesday of this week are seeded. How are the original direct messages sent out that kick off the first stolen credentials, the next set of direct messages, and so on in the loop? We were hoping, but not counting on, the fact that Twitter might address this in their blog. Taking a page from Google or Microsoft, an up front and transparent approach to security seems to be the direction of major players in the online space. Twitter may consider embracing this approach, given its rampant rise in popularity and thus existence at the edge of malicious customized attacks from bad actors, as it likely has a lot of data that would benefit the information assurance community.


Are borderless networks possible?

I attended SC World Congress in New York this week and a keynote from Cisco caught my attention: Securing the Cloud: Building the Borderless Network. I became fixated on the words used over and over by Joel McFarland. Borderless this, borderless that, borderless everything. This campaign started to bother me as this was a security conference and a network company was pushing the idea of less borders. It seemed off, wrong, and incomplete to me.


VRF is the new Black: How I Learned to Stop Worrying and Love the Complexity

Breaking up your network "is good," we all know this, and VLANs have traditionally been used to segment a network to help with maintenance, management, and security, but they are not the only game in town and are often the wrong place to break your network into smaller and more efficient pieces. VPN Routing and Forwarding (VRF) can do the same for layer 3 infrastructure that VLANs do for layer 2. By allowing you to create and manage separate routing tables within a single physical router, VRFs truly bring virtualization and segmentation to all points on your network. As with any technology that adds layers, complexity can become a problem, but you already know this.
