Juniper has disclosed that a problem with the Junos router could enable DDoS attacks

Juniper has admitted that a vulnerability in IPv6 processing on its Junos router OS could allow malicious packets to be sent to networks, resulting in a DDoS attack on infrastructure. In an advisory, the firm said the flaw could enable a specially crafted “IPv6 Neighbor Discovery” (ND) packet to be accepted by the router rather than discarded.

“The crafted packet, destined to the router, will then be processed by the routing engine (RE). A malicious network-based packet flood, sourced from beyond the local broadcast domain, can cause the RE CPU to spike, or cause the DDoS protection ARP protocol group policer to engage. When this happens, the DDoS policer may start dropping legitimate IPv6 neighbors as legitimate ND times out,” the firm said.

The firm added that this is similar to the router’s response to any purposeful malicious IPv6 ND flood destined to the router. “The difference is that the crafted packet identified in the vulnerability is such that the forwarding controllers/ASICs should disallow this traffic from reaching the RE for further processing,” according to the advisory.

It said that following investigations, only its MX, PTX, and QFX products have been confirmed to experience this behaviour. Juniper added that no fix was available at the time of writing, nor was a complete workaround.

“Security best current practices (BCPs) of filtering all ND traffic at the edge, destined to network infrastructure equipment, should be employed to limit the malicious attack surface of the vulnerability,” the firm advised.

Rich Barger, chief intelligence officer at ThreatConnect, told SCMagazineUK.com that organisations should look to filter either the protocol or the packet (if possible). “It looks as if Juniper has included edge firewall rules that can block the neighbour discovery packets as a means to buffer any vulnerable devices,” he said.

Richard Cassidy, technical director EMEA at Alert Logic, said that this flaw represents a serious issue for organisations that run “Dual Stack” networking with IPv6 and IPv4. He told SC that the issue was “essentially a DDoS attack, through a specially crafted IPv6 ND packet, that can be targeted at JunOS routers from remote attackers. It is fairly simple to identify router OS versions through scanning techniques, which of course leaves most organisations at risk at some level, given the prevalence of Juniper in networking infrastructures globally.”

Alex Cruz Farmer, VP of cloud at Nsfocus, told SC that almost every network around the world is considering or planning IPv6 if they have not already. “With this in mind, it’s crucial that the protection is implemented now, to avoid this security hole being exploited in future.”

Source: http://www.scmagazineuk.com/flaw-in-junipers-junos-router-software-could-cause-ddos-flood/article/501681/
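The edge-filtering practice the advisory recommends, modelled as an added example (not Juniper's code or configuration): a Python classifier that discards ND messages addressed to infrastructure equipment and passes other traffic. The prefix 2001:db8:ffff::/48, the function names and the sample packets are constructed assumptions; the hop-limit note relies on RFC 4861, which requires ND messages to carry a hop limit of 255.

```python
import ipaddress
import struct

# ICMPv6 types that make up Neighbor Discovery (RFC 4861).
ND_TYPES = {133: "router-solicit", 134: "router-advert",
            135: "neighbor-solicit", 136: "neighbor-advert", 137: "redirect"}
# Extension headers with the generic (next header, length in 8-octet units) layout.
# The fragment header (44) is not walked here; a real filter must handle it too.
EXT_HEADERS = {0, 43, 60}
# Assumption: documentation prefix standing in for router loopbacks and link addresses.
INFRA_PREFIXES = [ipaddress.ip_network("2001:db8:ffff::/48")]

def edge_filter(packet: bytes):
    """Return (action, reason) for one raw IPv6 packet seen on an edge interface."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "discard", "not a well-formed IPv6 header"
    next_header, hop_limit = packet[6], packet[7]
    dst = ipaddress.IPv6Address(packet[24:40])
    offset = 40
    while next_header in EXT_HEADERS:          # skip to the upper-layer header
        if len(packet) < offset + 8:
            return "discard", "truncated extension header"
        next_header, ext_len = packet[offset], packet[offset + 1]
        offset += (ext_len + 1) * 8
    if next_header != 58 or len(packet) <= offset:
        return "accept", "not ICMPv6"
    nd_name = ND_TYPES.get(packet[offset])
    if nd_name is None:
        return "accept", "ICMPv6 but not Neighbor Discovery"
    if any(dst in net for net in INFRA_PREFIXES):
        reason = f"{nd_name} to infrastructure address {dst}"
        if hop_limit != 255:                   # genuine on-link ND always uses 255
            reason += f", hop limit {hop_limit} is not on-link ND"
        return "discard", reason
    return "accept", f"{nd_name} not addressed to infrastructure"

def build(src, dst, icmp_type, hop_limit, next_header=58, prefix=b""):
    """Constructed test packet: IPv6 header, optional extension header, ICMPv6 stub."""
    payload = prefix + bytes([icmp_type, 0, 0, 0]) + bytes(20)
    header = struct.pack("!IHBB", 6 << 28, len(payload), next_header, hop_limit)
    return (header + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)

if __name__ == "__main__":
    # Constructed samples: ND aimed at a router address, then an ordinary echo request.
    for pkt in (build("2001:db8:1::1", "2001:db8:ffff::1", 135, 57),
                build("2001:db8:1::1", "2001:db8:ffff::1", 128, 57)):
        print(edge_filter(pkt))
```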

A combination of ransomware and DDoS attacks is heralding a new wave of cyber attacks against consumers and enterprises around the world. Security experts are concerned this may become standard practice going forward; this is not good news by any means.

Ransomware And DDoS Is A Potent Mix

Over the past few years, ransomware attacks have become the norm rather than the exception. But the people responsible for these attacks continue to improve their skills, and infected machines will now start executing distributed denial of service attacks as well. Not only will users be unable to access their files, but the device will also become part of a botnet attacking other computers and networks around the world.

KnowBe4 CEO Stu Sjouwerman stated: “Adding DDoS capabilities to ransomware is one of those ‘evil genius’ ideas. Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years. You can expect [bundling] it to become a fast-growing trend.”

One of the first types of ransomware to embrace this new approach is Cerber, a Bitcoin malware strain which has been wreaking havoc for quite some time now. Attacks have been using “weaponized” Office documents to deliver malware to computers, which would then turn into members of a botnet to DDoS other networks.

While some people see this change as a logical evolution of ransomware attacks, this is a worrying trend, to say the least. Assailants can come up with new ways to monetize their ransomware attacks, even if the victim decides not to pay the fee. As long as the device is infected, it can be used to execute these DDoS attacks, which is a service worth the money to the right [wrong] people.

A recent FireEye report shows that, at the rate things are going right now, the number of Bitcoin ransomware attacks will exceed that of 2015. Now that DDoS capabilities are being added to the mix, it is not unlikely the number of infections will increase exponentially over the next few months. Moreover, removing the ransomware itself is no guarantee that computer systems will not be used for DDoS purposes in the future, and only time will tell if both threats can be eliminated at the same time.

Source: http://themerkle.com/devices-infected-with-new-ransomware-versions-will-execute-ddos-attacks/