[NANOG] Re: JunOS and MX trojan and malware

[Justin Streiner via NANOG <nanog () lists nanog org>]

This underscores the importance of proper security around out-of-band
management/console networks and proper security of console ports to the
extent that devices offer it.

Thank you
jms

On Thu, Mar 13, 2025 at 1:29 PM Bryan Fields via NANOG <
nanog () lists nanog org> wrote:

> On 3/13/25 12:22 PM, Eric Kuhnke via NANOG wrote:
>
> > PDF file:
> https://supportportal.juniper.net/sfc/servlet.shepherd/document/download/069Dp00000FzdmIIAR?operationContext=S1
>
> From reading this there was no known remote exploit, they needed user level
> shell access to exploit another local vulnerability which got them root and
> then installed this exploit.  While this isn't great, if someone has
> unaudited
> login user level access to your routers, you've already lost.  Basic ACL's
> go
> a long way to filtering this from outside a logged network too.  Security
> is
> best when it's a multilayered approach.
>
> This said, I've been greeted with a login prompt telnetting to carrier's
> upstream router in the last 6 months.  They seemed outright confused why I
> cared about it and closed the ticket.  🤦‍♂️
>
> --
> Bryan Fields
>
> 727-409-1194 - Voice
> http://bryanfields.net
> _______________________________________________
> NANOG mailing list
>
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/2UEVTAIT5YF3V75PKHMZG4IMUYKNQ6GE/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/YM3RDKBIFRCDHERC6IQ3HYILHQC7W7BH/