Saturday, February 23, 2013

JUNOS software patches - Phase 1 Complete

You may be wondering about our recent maintenance notification to address a security vulnerability on numerous routers.  There are also rumors about a number of large backbone providers patching routers everywhere in the past several weeks.  You may have also heard about this, this and this.

This is the infamous PSN-2013-01-823 security vulnerability announcement by Juniper Networks (#PR 839412).   The announcement outlines a potentially serious security flaw in which a specially crafted TCP packet (which could also be spoofed to bypass a fair amount of perimeter packet filters) will crash the Routing Engine on a Juniper device, causing it to reboot.

While no known exploits currently exist and many provider networks (including our own) utilize techniques to protect routers (best practices such as loopback/control-plane filtering, backbone perimeter protection and BCP38), network providers are not taking any chances -- and we're not taking chances either.


We have now completed patching roughly 70% of all Juniper-based devices on our network.  The remaining Juniper devices will be patched next Saturday (March 2, 2013) from 3:00 to 6:59 AM eastern time as noted in our scheduled maintenance notification.

The new software code was regression tested in the lab for a couple of weeks, and the patches have gone according to plan so far.  We expect the remaining upgrades next weekend to be painless.  If you have any particular concerns or questions, please do not hesitate to contact us at any time.


We will update you on this as work continues next weekend.
