The following table lists Attack Detection and Prevention features, specifies whether the features are supported on various device types, and indicates where you can find more information about each feature:
Table 41: Support Information: Attack Detection and Prevention
|
Feature |
J-series Services Routers |
SRX-series Services Gateways |
More Information |
|---|---|---|---|
|
Bad IP option |
Yes |
Yes | |
|
Block fragment traffic |
Yes |
Yes | |
|
FIN flag without ACK flag set protection |
Yes |
Yes | |
|
ICMP flood protection |
Yes |
Yes | |
|
ICMP fragment protection |
Yes |
Yes | |
|
Large size ICMP packet protection |
Yes |
Yes | |
|
Loose source route option |
Yes |
Yes |
Blocking Packets with Either a Loose or Strict Source Route Option Set |
|
IP record route option |
Yes |
Yes |
SCREEN Options for Detecting IP Options Used For Reconnaissance |
|
IP security option |
Yes |
Yes |
SCREEN Options for Detecting IP Options Used For Reconnaissance |
|
IP address spoof |
Yes |
Yes | |
|
IP stream option |
Yes |
Yes |
SCREEN Options for Detecting IP Options Used For Reconnaissance |
|
IP strict source route option |
Yes |
Yes |
Blocking Packets with Either a Loose or Strict Source Route Option Set |
|
IP address sweep |
Yes |
Yes | |
|
IP timestamp option |
Yes |
Yes |
SCREEN Options for Detecting IP Options Used For Reconnaissance |
|
Land attack protection |
Yes |
Yes | |
|
Ping of death attack protection |
Yes |
Yes | |
|
Port scan |
Yes |
Yes | |
|
Source IP based session limit |
Yes |
Yes | |
|
SYN-ACK-ACK proxy protection |
Yes |
Yes | |
|
SYN and FIN flags set protection |
Yes |
Yes | |
|
SYN flood protection |
Yes |
Yes | |
|
SYN fragment protection |
Yes |
Yes | |
|
Teardrop attack protection |
Yes |
Yes | |
|
TCP packet without flag set protection |
Yes |
Yes | |
|
Unknown protocol protection |
Yes |
Yes | |
|
UDP flood protection |
Yes |
Yes | |
|
WinNuke attack protection |
Yes |
Yes |