Attackers sometimes configure IP options incorrectly, producing either incomplete or malformed fields. The incorrect formatting is anomalous and potentially harmful to the intended recipient.
|
Before You Begin |
|---|
|
For background information, read Understanding Bad IP Option Protection. |
To detect and block IP packets with incorrectly formatted IP options, use the JUNOS CLI configuration editor. The specified security zone is the one from which the packets originated.
- user@host# set security screen ip-bad-option ip bad-option
- user@host# set security zones security-zone zone screen
ip-bad-option