Following the Juniper kernel flaw posts, we received a number of inquiries regarding how to determine the option value to use, however we were somewhat reluctant to provide that level of detail. Now that exploit code has been published elsewhere, there is little reason not to answer this question.
We have noted some interesting responses since our post yesterday detailing the information in Juniper bulletin PSN-2010-01-623 and our thoughts on its somewhat understated effect. Since our post yesterday, the bulletin has been updated, becoming more specific about the versions affected (basically excluding JUNOS version 10.x and versions no longer supported by Juniper). We have tested all 256 permutations of the Options field in the TCP header, and reproduced the kernel crash, which is demonstrated in the video below.
A report has been received from Juniper at 4:25pm under bulletin PSN-2010-01-623 that a crafted malformed TCP field option in the TCP header of a packet will cause the JUNOS kernel to core (crash).
Breaking up your network “is good,” we all know this, and VLANs have traditionally been used to segment a network to help with maintenance, management, and security; but, they are not the only game in town and often the wrong place to break your network into smaller and more efficient pieces. VPN Routing and Forwarding [...]