The Juniper router must be configured to restrict traffic destined to itself.
An XCCDF Rule
Description
The Routing Engine handles traffic destined to the router. It is the key component used to build forwarding paths and is instrumental to all network management functions. Hence, any disruption or DoS attack on the Routing Engine can result in mission-critical network outages.
- ID
- SV-217019r604135_rule
- Severity
- High
- References
- Updated
Remediation - Manual Procedure
Configure the router’s receive path filters to restrict traffic destined to the router.
Configure a filter to define what traffic should be received by the Routing Engine.
[edit firewall family inet]
set filter DESTINED_TO_RP term FILTER_TCP from destination-address 11.1.12.0/24
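A way to check this requirement against an exported configuration, as an added example that is not part of the STIG text or Juniper's tooling. It assumes the configuration is in "display set" form and that the receive-path filter is attached as an inet input filter on lo0; every sample line after the first, including the term name DENY_BY_DEFAULT, is constructed for illustration.

```python
import re

# Constructed sample in Junos "display set" form. Only the first line is from
# the page; the remaining terms and the lo0 attachment are assumptions.
SAMPLE_OK = """\
set firewall family inet filter DESTINED_TO_RP term FILTER_TCP from destination-address 11.1.12.0/24
set firewall family inet filter DESTINED_TO_RP term FILTER_TCP from protocol tcp
set firewall family inet filter DESTINED_TO_RP term FILTER_TCP from destination-port ssh
set firewall family inet filter DESTINED_TO_RP term FILTER_TCP then accept
set firewall family inet filter DESTINED_TO_RP term DENY_BY_DEFAULT then log
set firewall family inet filter DESTINED_TO_RP term DENY_BY_DEFAULT then discard
set interfaces lo0 unit 0 family inet filter input DESTINED_TO_RP
"""
SAMPLE_PERMIT_ALL = SAMPLE_OK.replace("DENY_BY_DEFAULT then discard", "DENY_BY_DEFAULT then accept")
SAMPLE_UNAPPLIED = "\n".join(l for l in SAMPLE_OK.splitlines() if " lo0 " not in l)

TERM_RE = re.compile(r"^set firewall family inet filter (\S+) term (\S+) (from|then) (.+)$")
LO0_RE = re.compile(r"^set interfaces lo0 unit \d+ family inet filter input (\S+)$")
NON_ACCEPT = {"discard", "reject", "next"}  # any other action set ends in (default) accept

def audit_re_filter(config):
    """Return a list of findings; empty means lo0 input is filtered sanely."""
    terms, applied = {}, []
    for line in map(str.strip, config.splitlines()):
        m = TERM_RE.match(line)
        if m:
            flt, term, kind, rest = m.groups()
            entry = terms.setdefault(flt, {}).setdefault(term, {"from": [], "then": []})
            entry[kind].append(rest.split()[0])  # keep the match keyword or action name
            continue
        m = LO0_RE.match(line)
        if m:
            applied.append(m.group(1))
    if not applied:
        return ["no inet input filter on lo0: traffic to the Routing Engine is unfiltered"]
    findings = []
    for flt in applied:
        if flt not in terms:
            findings.append(f"{flt}: applied to lo0 but has no terms defined")
            continue
        for name, t in terms[flt].items():
            # A term with no match conditions applies to every packet.
            if not t["from"] and not NON_ACCEPT & set(t["then"]):
                findings.append(f"{flt}: term {name} accepts all traffic to the Routing Engine")
    return findings

if __name__ == "__main__":
    for label, cfg in [("ok", SAMPLE_OK), ("permit-all", SAMPLE_PERMIT_ALL), ("unapplied", SAMPLE_UNAPPLIED)]:
        print(label, audit_re_filter(cfg) or "no findings")
```

The check covers family inet only; a router that also runs IPv6 needs the same review of its family inet6 filter.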