Internet Control Message Protocol (ICMP) provides error reporting and network probe capabilities. Because ICMP packets contain very short messages, there is no legitimate reason for ICMP packets to be fragmented. If an ICMP packet is so large that it must be fragmented, something is amiss.
Before You Begin |
|---|
For background information, read Suspicious Packet Attributes Overview. |
When you enable the ICMP fragment protection screen option, JUNOS Software blocks any ICMP packet that has the More Fragments flag set or that has an offset value indicated in the offset field. See Figure 135.
Figure 135: Blocking ICMP Fragments