[AusNOG] Anyone put their hand up?

Binh Lam ccie12218 at gmail.com
Wed Jun 9 15:34:50 EST 2021


Check if the device/Junos runs into this vulnerability?

IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
(CVE-2016-1409)
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10749


On Wed, Jun 9, 2021 at 3:19 PM Dmitry Konchanin <dmitry.konchanin at dtsanz.com>
wrote:

> Seems like v6 this time, also big counters on ddos-protection protocols
> ndpv6/neighb-sol and ndpv6/aggregate. Though it does not save the routing engine.
> I guess it's time to have a good look at the IPv6 RE input policer, they
> usually get a lack of attention.
> Kind regards,
>
> Dmitry Konchanin
> Senior Network Engineer
> _______________________________________________
> ⇒ New Zealand Office: 0508 387 669/+(64) 4 918 0160 extn 118
> ⇒ Australian Office: 1300 054 331/+(61) 7 5522 9726 extn 118
> ⇒ Website: www.DTSanz.com
>
>
> On 9/06/2021 4:54 pm, Binh Lam wrote:
>
> All,
>
> For Junos, check the output of
>
> "show ddos-protection protocols statistics terse"
>
> It will give you some hints about what happened.
> It appears ttl, ndpv6 hit via IX?
>
> On Wed, 9 Jun 2021, 2:48 pm Luke Iggleden, <luke at iggleden.com> wrote:
>
>> Hi All,
>>
>> I too would like to see what the traffic was that hit our Junipers with
>> this issue.
>>
>> We changed the default arp policer last time a similar event happened on
>> Megaport, but still this played havoc on our routing engines. Is there some
>> other traffic we have to filter to protect our networks from broadcast
>> storms on this peering fabric?
>>
>>
>>
>> On 9/6/21 2:06 pm, Stavros Patiniotis wrote:
>>
>> Hi,
>>
>>
>>
>> Does anyone have a sample pcap of the erroneous traffic seen from their
>> port that they would be able to share?
>>
>>
>>
>>
>>
>> *From:* AusNOG <ausnog-bounces at lists.ausnog.net>
>> <ausnog-bounces at lists.ausnog.net> *On Behalf Of *Dave Browning
>> *Sent:* Wednesday, 9 June 2021 1:27 PM
>> *To:* ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] Anyone put their hand up?
>>
>>
>>
>> The storm came in from fe80::82e0:1dff:fe27:b440
>> Which is 80:e0:1d:27:b4:40
>> Which is 103.26.68.204 in v4 land
>> Which is AS38858
>>
>> :)
>>
>>
>>
>> On 9/06/2021 1:38 pm, Edward Um wrote:
>>
>> Can anyone confirm an outage at 1pm ish today?
>>
>>
>>
>> Thanks in advance!
>>
>> --
>>
>> Edward Um
>> Mobile: +61 449 051 894
>>
>> Sent on the run!
>>
>>
>>
>> _______________________________________________
>>
>> AusNOG mailing list
>>
>> AusNOG at lists.ausnog.net
>>
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>
>
>
>
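The link-local-to-MAC step in Dave Browning's message quoted above, written out as an added example (not code from the thread or from any participant): it reverses modified EUI-64 to recover the MAC and ranks Neighbor Solicitation sources by count. The source list is constructed sample data; only the first address and its MAC come from the thread, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter


def mac_from_link_local(addr):
    """Return the MAC embedded in a modified EUI-64 link-local address, or None."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop any zone id (fe80::1%eth0)
    if not ip.is_link_local:
        raise ValueError(f"{addr} is not in fe80::/10")
    iid = ip.packed[8:]  # low 64 bits: the interface identifier
    # Modified EUI-64 inserts ff:fe between the two halves of the MAC.
    # Without it the IID is manual, privacy or stable-random and carries no MAC.
    # (A random IID can contain ff:fe by chance, so treat the result as a lead.)
    if iid[3:5] != b"\xff\xfe":
        return None
    # Flip the universal/local bit back and remove the ff:fe filler.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def top_sources(sources, n=3):
    """Rank observed NS source addresses by packet count, with the derived MAC."""
    return [(src, count, mac_from_link_local(src))
            for src, count in Counter(sources).most_common(n)]


# Constructed sample: one source address per Neighbor Solicitation seen on the
# peering port. Only the first address appears in the thread.
SAMPLE = (["fe80::82e0:1dff:fe27:b440"] * 9
          + ["fe80::1"] * 2
          + ["fe80::5c3a:91d2:7e04:aa10"])

if __name__ == "__main__":
    for src, count, mac in top_sources(SAMPLE):
        print(f"{count:4d}  {src:28s}  {mac or 'no embedded MAC'}")
```

The recovered MAC can then be matched against the port's MAC table or the exchange's peer list, which is how the thread gets from the link-local address to a peer.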