Based on RFC 1700, protocol types with ID numbers of 137 or greater are reserved and undefined at this time. Precisely because these protocols are undefined, there is no way to know in advance whether a particular unknown protocol is benign or malicious.
| Before You Begin |
|---|
| For background information, read Suspicious Packet Attributes Overview. |
Unless your network makes use of a nonstandard protocol with an ID number of 137 or greater, a cautious stance is to block such unknown elements from entering your protected network. See Figure 138.
Figure 138: Unknown Protocols
When you enable the unknown protocol protection screen option, JUNOS Software drops packets when the protocol field contains a protocol ID number of 137 or greater by default.
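
To check captured traffic for packets this rule would match before enabling the screen, the following added example classifies raw IPv4 packets by their protocol field. It is not JUNOS code and only models the 137-or-greater threshold stated on this page; the function names and sample packets are constructed for illustration.

```python
import socket
import struct

UNKNOWN_PROTO_MIN = 137  # threshold stated on this page


def build_ipv4(proto, src="192.0.2.1", dst="198.51.100.7"):
    """Constructed sample input: a bare 20-byte IPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def classify(packet):
    """Return 'drop', 'pass' or 'malformed' for one raw IPv4 packet."""
    if len(packet) < 20:
        return "malformed"            # too short to hold a full IPv4 header
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        return "malformed"            # not IPv4, or header length is inconsistent
    proto = packet[9]                 # protocol field is byte 9 of the IPv4 header
    return "drop" if proto >= UNKNOWN_PROTO_MIN else "pass"


def audit(packets):
    """Count verdicts and list the protocol IDs that would be dropped."""
    summary = {"pass": 0, "drop": 0, "malformed": 0, "dropped_ids": []}
    for pkt in packets:
        verdict = classify(pkt)
        summary[verdict] += 1
        if verdict == "drop":
            summary["dropped_ids"].append(pkt[9])
    return summary


# Constructed samples: TCP (6), UDP (17), both sides of the boundary,
# the highest protocol ID, and a truncated header.
SAMPLES = [build_ipv4(6), build_ipv4(17), build_ipv4(136),
           build_ipv4(137), build_ipv4(255), b"\x45\x00\x00"]

if __name__ == "__main__":
    print(audit(SAMPLES))
```

Running the audit over a capture from the protected zone shows whether any nonstandard protocol with an ID of 137 or greater is in legitimate use before the screen starts dropping it.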