The Juniper BGP router must be configured to reject inbound route advertisements for any Bogon prefixes.
An XCCDF Rule
Description
Accepting route advertisements for Bogon prefixes can result in the local autonomous system (AS) becoming a transit for malicious traffic as it will in turn advertise these prefixes to neighbor autonomous systems.
- ID: SV-217053r604135_rule
- Version: JUNI-RT-000480
- Severity: Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the router to reject inbound route advertisements for any Bogon prefixes.
Configure a prefix list containing the current Bogon prefixes as shown below.
[edit policy-options]
set prefix-list BOGON_PREFIXES 0.0.0.0/8
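
One way to check a router against this rule, as an added example that is not part of the STIG text: a Python audit of a Junos `set`-format configuration that compares the prefix list with a reference bogon set, confirms a policy term rejects matches (flagging `from prefix-list`, which Junos evaluates as an exact match only), and confirms the policy is applied as a BGP import policy. The reference prefixes (RFC 6890 special-purpose blocks plus multicast and reserved space), the policy name `BGP_IN`, the term `BOGONS` and the group `EBGP` are assumptions, not values from the rule.

```python
import ipaddress
import re

# Reference bogon set: IPv4 special-purpose blocks (RFC 6890) plus multicast and
# reserved space. An assumption for this example, not the STIG's own list.
REFERENCE_BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 "
    "172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 192.168.0.0/16 198.18.0.0/15 "
    "198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4").split()]
TERM = re.compile(r"set policy-options policy-statement (\S+) term (\S+) (.+)$")
IMPORT = re.compile(r"set protocols bgp (?:group \S+ )?(?:neighbor \S+ )?import (.+)$")

def audit_bogon_filter(config_text, list_name="BOGON_PREFIXES"):
    """Return findings for a Junos 'set'-format configuration (empty = pass)."""
    plist = re.compile(rf"set policy-options prefix-list {re.escape(list_name)} (\S+)$")
    findings, matching, rejecting, imports, configured = [], {}, set(), set(), set()
    for line in map(str.strip, config_text.splitlines()):
        if m := plist.match(line):
            configured.add(ipaddress.ip_network(m.group(1)))
        elif m := TERM.match(line):
            key, rest = (m.group(1), m.group(2)), m.group(3)
            if rest == f"from prefix-list {list_name}":
                matching[key] = "exact"      # Junos matches exact length only
            elif rest == f"from prefix-list-filter {list_name} orlonger":
                matching[key] = "orlonger"   # also matches more-specific routes
            elif rest == "then reject":
                rejecting.add(key)
        elif m := IMPORT.match(line):
            imports.update(m.group(1).strip("[] ").split())
    for ref in REFERENCE_BOGONS:
        if not any(c.version == 4 and ref.subnet_of(c) for c in configured):
            findings.append(f"missing prefix {ref}")
    policies = {k[0]: mode for k, mode in matching.items() if k in rejecting}
    if not policies:
        findings.append("no policy term rejects routes matching the list")
    for policy, mode in policies.items():
        if mode == "exact":
            findings.append(f"policy {policy} matches exact prefixes only")
    if policies and not imports & set(policies):
        findings.append("rejecting policy is not applied as a BGP import policy")
    return findings
# Constructed sample; BGP_IN, BOGONS and EBGP are hypothetical names.
SAMPLE = """
set policy-options prefix-list BOGON_PREFIXES 0.0.0.0/8
set policy-options policy-statement BGP_IN term BOGONS from prefix-list BOGON_PREFIXES
set policy-options policy-statement BGP_IN term BOGONS then reject
set protocols bgp group EBGP import BGP_IN
"""
print(*audit_bogon_filter(SAMPLE), sep="\n")
```

Feed it the output of `show configuration | display set` from the router under review; an empty result means all three checks passed against the assumed reference set.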