Errata

Juniper MX Series

Errata for Juniper MX Series, Second Edition

Submit your own errata for this product.

The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.

Color key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update

Version Location Description Submitted By Date submitted Date corrected
Printed
Page 318
last term, accept-traceroute-tcp

The accept-traceroute-tcp term can present a security risk. As written, it allows any TTL=1 TCP segment to be accepted. This could provide unintended access to the router for any TCP protocol, such as SSH or Telnet. As such it represents a security risk.

While TCP based traceroute is a valid tool, its use is rare in service provider networks. The suggested fix is to delete the term. If TCP traceroute is needed a set of internal IPs that are allowed to access the router along with a valid control plane service/port should be added.


Note from the Author or Editor:
Please add this credit when the errata is made official:

“Thanks to Gary Steers of GTT for reporting this issue.”

harry Reynolds  Nov 18, 2019 
Printed
Page 342
accept-traceroute-tcp-v6 term

The accept-traceroute-tcp-v6 term can present a security risk. As written, it allows any TTL=1 TCP segment to be accepted. This could provide unintended access to the router for any TCP protocol, such as SSH or Telnet. As such it represents a security risk.

While TCP based traceroute is a valid tool, its use is rare in service provider networks. The suggested fix is to delete the term. If TCP traceroute is needed a set of internal IPV6 addresses that are allowed to access the router along with a valid control plane service/port should be added.

Note from the Author or Editor:
Please add this credit when the errata is made official:

“Thanks to Gary Steers of GTT for reporting this issue.”

Harry Reynolds  Nov 18, 2019