dynes-deployments - [dynes-deployments] Fwd: Juniper vulnerability: PSN-2013-01-823
Subject: DYNES-Deployments
List archive
- From: Jason Zurawski <>
- To: "" <>, "" <>
- Cc: "David A. J. Ripley" <>
- Subject: [dynes-deployments] Fwd: Juniper vulnerability: PSN-2013-01-823
- Date: Thu, 31 Jan 2013 12:49:50 +0000
- Accept-language: en-US
All;
As an FYI, the following note is setting the stage for a code upgrade on the
Internet2 Network, as well as on the Internet2 ION Service (which underpins
DYNES), to address a critical vulnerability. The exact timeframe has not
been announced yet, but is expected to occur sometime early Friday (2/1)
morning. As a precautionary measure, the Internet2 IDC (the controller that
enables dynamic circuits) will be disabled during the time of the upgrade and
it will not be possible to create inter-domain circuits crossing Internet2.
David Ripley from the GRNOC is monitoring the situation, and will announce
when the maintenance is complete, and the IDC is back in business.
Thanks;
-jason
Begin forwarded message:
> From: Chris Robb
> <>
> Subject: Juniper vulnerability: PSN-2013-01-823
> Date: January 30, 2013 4:00:59 PM EST
> To:
> ""
>
> <>
>
> Folks:
>
> For those of you with Juniper routers, you may want to have a look at the
> following technical bulletin PSN-2013-01-823:
>
> http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-01-823&viewMode=view
>
> There was some speculation earlier in the day on the Juniper NSP list
> regarding a pull of a large chunk of code from Juniper's webpage:
>
> https://puck.nether.net/pipermail/juniper-nsp/2013-January/025429.html
>
> This is a wide-sweeping vulnerability across all versions of JunOS since
> 7.6. Note that the traffic needs to hit the RE and firewall filtering will
> help, when combined with the appropriate anti-spoof mechanisms. Internet2
> is already in the process of upgrading all of our backup REs and we'll
> schedule maintenance this coming weekend to swap the routers over to the
> patched code. Others may want to look at their environment and asses their
> vulnerability very shortly, given that this is now somewhat public and will
> likely be shared widely in a short timeframe.
>
> -Chris
>
> --
> Chris Robb, Internet2 Director of Operations and Engineering
> O: 812.855.8604 C: 812.345.3188
> ****************
> Visit our website: www.internet2.edu
> Follow us on Twitter: www.twitter.com/internet2
> Become a Fan on Facebook: www.internet2.edu/facebook
- [dynes-deployments] Fwd: Juniper vulnerability: PSN-2013-01-823, Jason Zurawski, 01/31/2013
Archive powered by MHonArc 2.6.16.