[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Understanding ICMP Fragment Protection

Internet Control Message Protocol (ICMP) provides error reporting and network probe capabilities. Because ICMP packets contain very short messages, there is no legitimate reason for ICMP packets to be fragmented. If an ICMP packet is so large that it must be fragmented, something is amiss.

Before You Begin

For background information, read Suspicious Packet Attributes Overview.

When you enable the ICMP fragment protection screen option, JUNOS Software blocks any ICMP packet that has the More Fragments flag set or that has an offset value indicated in the offset field. See Figure 135.

Figure 135: Blocking ICMP Fragments

Image ICMP1.gif

Related Topics


[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]