[Junos] Kernel responds to Record Route IP Option by default

Article ID: KB31014 KB Last Updated: 12 Jul 2016 Version: 1.0
Summary:

Junos devices will respond to packets using the Record Route IP Option by default.

Symptoms:

The Record Route IP Option is read by the kernel by default. This option is used to trace the route an IP packet takes through the network.

The following is from RFC 791, pg. 20, 21:

"The record route option provides a means to record the route of an internet datagram.
...
When an internet module routes a datagram it checks to see if the record route option is present. If it is, it inserts its own internet address as known in the environment into which this datagram is being forwarded into the recorded route beginning at the byte indicated by the pointer, and increments the pointer by four."

This may be a security concern. Some administrators may choose to disable the feature.
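
The following Python parser is an added example, not part of the Juniper article. It walks the IPv4 header options using the RFC 791 layout quoted above and reports which addresses a Record Route option (type 7) has already collected, which is the information a device that honors the option adds to. The sample packet and its addresses are constructed for illustration.

```python
import ipaddress
import struct

RR_TYPE = 7  # Record Route option type (RFC 791)

def find_record_route(packet: bytes):
    """Return (recorded_addresses, free_slots) if the IPv4 header carries
    a Record Route option, otherwise None."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a complete IPv4 header")
    opts, i = packet[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # No Operation, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option length")
        length = opts[i + 1]
        if kind == RR_TYPE:
            if length < 3:
                raise ValueError("Record Route option too short")
            pointer = opts[i + 2]            # smallest legal value is 4
            data = opts[i + 3:i + length]    # route data: 4-byte slots
            used = min(max(pointer - 4, 0), len(data)) // 4 * 4
            addrs = [str(ipaddress.IPv4Address(data[j:j + 4]))
                     for j in range(0, used, 4)]
            return addrs, (len(data) - used) // 4
        i += length
    return None

def sample_packet() -> bytes:
    """Constructed IPv4 header (checksum left at 0) carrying a Record Route
    option with two slots, one of them already filled."""
    option = (bytes([RR_TYPE, 11, 8])
              + ipaddress.IPv4Address("192.0.2.1").packed
              + bytes(4) + b"\x00")          # empty slot, then EOL padding
    header = struct.pack("!BBHHHBBH4s4s", 0x48, 0, 32, 0, 0, 64, 1, 0,
                         ipaddress.IPv4Address("198.51.100.10").packed,
                         ipaddress.IPv4Address("203.0.113.5").packed)
    return header + option

if __name__ == "__main__":
    print(find_record_route(sample_packet()))
```
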

Cause:

Some applications rely on the Record Route IP Option, so it is enabled by default.

Solution:
The Record Route IP Option can be disabled manually by the root administrator. To view the current status:

junos> start shell user root
root@junos% sysctl -a | grep ip_rr
net.inet.ip.ip_rr: 1

A value of 1 is the default and means that Record Route is used. To change the behavior:

root@junos% sysctl -w net.inet.ip.ip_rr=0

This command will need to be run again each time the Routing Engine restarts.
