Internet Service Providers forum

Juniper DHCP service security issue

by chen-gi / December 27, 2012 11:02 AM PST

Hi All,
I found out that Juniper devices (M/MX series, BRAS) have a DHCP security problem if you turn on the DHCP function.
In the Juniper DHCP configuration you need to apply an unnumbered interface to the sub-interface. I found out that my PC can use a fixed IP address to access this network and can also forward packets. I don't know what happened!!!!
I did not configure any static route to the sub-interface, but the router can still forward packets to the PC, and the PC can freely use any IP address in the whole subnet (fixed IP).
This security issue occurs on all Juniper devices, so if you have turned on the DHCP function on a Juniper device you need to watch out for this.

Sample configuration:
lab1@M-re0# show
system {
    services {
        dhcp-local-server {
            group IPv4 {
                interface ge-10/2/0.1;
            }
        }
    }
}
logical-systems {
    PC-1 {
        interfaces {
            ge-10/2/1 {
                unit 1 {
                    vlan-id 1;
                    family inet {
                        address 120.0.0.1/16;
                    }
                }
            }
        }
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 120.100.0.254;
            }
        }
    }
}
interfaces {
    ge-10/2/0 {
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
        unit 1 {
            vlan-id 1;
            family inet {
                rpf-check;
                unnumbered-address lo0.0 preferred-source-address 120.100.0.254;
            }
        }
        unit 2 {
            vlan-id 2;
            family inet {
                address 130.1.1.254/30;
            }
        }
    }
    ge-10/2/1 {
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.10.10.254/32;
                address 120.100.0.254/32;
            }
        }
    }
    ge-10/2/2 {
        unit 0 {
            family inet {
                address 192.168.1.1/32;
            }
        }
    }
}
access {
    address-assignment {
        pool test1 {
            family inet {
                network 120.100.0.0/24;
                range 1 {
                    low 120.100.0.100;
                    high 120.100.0.200;
                }
            }
        }
    }
}
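
One way to check a router for the behaviour reported in this post, as an added example that is not part of the original post: compare the hosts seen in the ARP table on the DHCP-served unit with the DHCP server's lease bindings, and report every host that has no matching lease. The pool network, range and interface name are taken from the posted configuration; the ARP and binding records are constructed sample data, and the function name and tuple layout are assumptions of this example.

```python
import ipaddress

# Values taken from the configuration in the post
POOL_NET = ipaddress.ip_network("120.100.0.0/24")   # pool test1 network
POOL_LOW = ipaddress.ip_address("120.100.0.100")    # range 1 low
POOL_HIGH = ipaddress.ip_address("120.100.0.200")   # range 1 high
SUBSCRIBER_IFL = "ge-10/2/0.1"                      # unit served by dhcp-local-server

def audit_unleased_hosts(arp_entries, bindings, ifl=SUBSCRIBER_IFL):
    """Return (ip, mac, reason) for each host seen on ifl without a matching lease.

    arp_entries: iterable of (ip, mac, interface); bindings: iterable of (ip, mac).
    This layout is an assumption; the data could be collected from the router's
    `show arp` and `show dhcp server binding` output.
    """
    leased = {ipaddress.ip_address(ip): mac.lower() for ip, mac in bindings}
    findings = []
    for ip_text, mac, seen_ifl in arp_entries:
        if seen_ifl != ifl:
            continue                      # not the DHCP-served unit
        ip, mac = ipaddress.ip_address(ip_text), mac.lower()
        if leased.get(ip) == mac:
            continue                      # host holds the lease for this address
        if ip in leased:
            reason = "address leased to a different MAC"
        elif POOL_LOW <= ip <= POOL_HIGH:
            reason = "inside pool range, no lease"
        elif ip in POOL_NET:
            reason = "inside pool network, outside range, no lease"
        else:
            reason = "outside pool network"
        findings.append((ip_text, mac, reason))
    return findings

# Constructed sample data (MACs are from the RFC 7042 documentation range)
SAMPLE_ARP = [
    ("120.100.0.101", "00:00:5E:00:53:01", "ge-10/2/0.1"),  # normal DHCP client
    ("120.100.0.150", "00:00:5e:00:53:02", "ge-10/2/0.1"),  # fixed IP inside range
    ("120.100.0.50",  "00:00:5e:00:53:03", "ge-10/2/0.1"),  # fixed IP outside range
    ("120.0.0.1",     "00:00:5e:00:53:04", "ge-10/2/0.1"),  # PC-1 address from the post
    ("120.100.0.102", "00:00:5e:00:53:05", "ge-10/2/0.1"),  # uses another host's lease
    ("130.1.1.253",   "00:00:5e:00:53:07", "ge-10/2/0.2"),  # different unit, ignored
]
SAMPLE_BINDINGS = [
    ("120.100.0.101", "00:00:5e:00:53:01"),
    ("120.100.0.102", "00:00:5e:00:53:06"),
]

if __name__ == "__main__":
    for ip, mac, reason in audit_unleased_hosts(SAMPLE_ARP, SAMPLE_BINDINGS):
        print(f"{ip:15} {mac}  {reason}")
```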