Routing
Routing

routing protocols which are diabaled by default !!

‎09-11-2013 06:09 AM

Hi There

 

How can I see on Juniper which routing protocols are disabled by default.  I have a vulnerability for X.11 protocol in relation to SSH version 4.2 and I want ot make sure that x.11 is not enabled on JUNOS.

 

Thanks in advance !!


HM

4 REPLIES 4
Routing

Re: routing protocols which are diabaled by default !!

‎09-11-2013 07:45 AM
show system connections

That gives you the open TCP and UDP ports
Routing

Re: routing protocols which are diabaled by default !!

‎09-11-2013 05:18 PM

All routing protocols are disabled by default until you enable them. Basically, you have to configure them. Routing protocols include BGP, OSPF, RIP etc.

Personally not familiar with X.11 protocol, and have never heard of it in relation to Juniper. I learn something new each day!

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Routing

Re: routing protocols which are diabaled by default !!

‎09-12-2013 03:55 AM

Following was the result after vulnerability scan :-

 

Synopsis: The remote SSH service is prone to an X11 session hijacking\nvulnerability.

Description:  According to its banner, the version of SSH installed on the remote host is older than 5.0. Such versions may allow a local user to hijack X11 sessions because it improperly binds TCP ports on the local IPv6 interface if the corresponding ports on the IPv4 interface are in use.

Solution : Upgrade to OpenSSH version 5.0 or later.

 

__________

 

I am able to figure out more information from Juniper, its listed here (Knowledge Base ID: KB16776)

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16776&cat=JUNOS&smlogin=true

 

Thanks

 

Routing

Re: routing protocols which are diabaled by default !!

‎09-17-2013 06:18 PM
Thanks for the information. This is good to know.
[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]