nanog mailing list archives

[NANOG] Re: JunOS and MX trojan and malware


From: Bryan Fields via NANOG <nanog () lists nanog org>
Date: Thu, 13 Mar 2025 13:28:50 -0400

On 3/13/25 12:22 PM, Eric Kuhnke via NANOG wrote:

> PDF file:
> https://supportportal.juniper.net/sfc/servlet.shepherd/document/download/069Dp00000FzdmIIAR?operationContext=S1

From reading this there was no known remote exploit, they needed user level
shell access to exploit another local vulnerability which got them root and
then installed this exploit.  While this isn't great, if someone has unaudited
login user level access to your routers, you've already lost.  Basic ACLs go
a long way to filtering this from outside a logged network too.  Security is
best when it's a multilayered approach.

This said, I've been greeted with a login prompt telnetting to a carrier's
upstream router in the last 6 months.  They seemed outright confused why I
cared about it and closed the ticket.  🤦‍♂️

-- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/2UEVTAIT5YF3V75PKHMZG4IMUYKNQ6GE/
