[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Detecting Packets That Use IP Options for Reconnaissance

Attackers can use the record route, timestamp, security, and stream ID IP options for reconnaissance or for some unknown but suspect purpose. To detect packets with these options set, you can use either J-Web or the CLI configuration editor.

This topic covers:

J-Web Configuration

To configure screen and assign an Internet Protocol (IP) to it:

  1. Select CLI Tools>Point and Click CLI.
  2. Next to Security, click Configure or Edit.
  3. Next to Screen, click Edit.
  4. Next to Ids option, click Add new entry.
  5. In the Name box, type ip-record-route.
  6. Next to Ip, click Configure.
  7. Next to Record route option, select the check box and click OK.
  8. Next to Ids option, click Add new entry.
  9. In the Name box, type ip-timestamp-opt.
  10. Next to Ip, click Edit.
  11. Next to Timestamp option, select the check box and click OK.
  12. Next to Ids option, click Add new entry.
  13. In the Name box, type ip-security-opt.
  14. Next to Ip, click Edit.
  15. Next to Security option, select the check box and click OK.
  16. In the Name box, type ip-stream-opt.
  17. Next to Ip, click Edit.
  18. Next to Stream option, select the check box and click OK.
  19. To save and commit the configuration, click Commit.

To configure zones:

  1. Select CLI Tools>Point and Click CLI.
  2. Next to Security, click Configure or Edit.
  3. Next to Zones, click Configure.
  4. Next to Security zone, click Add new entry.
  5. In the Name box, type zone.
  6. In the Screen box, type ip-record-route-opt and click OK.
  7. Next to Security zone, click Add new entry.
  8. In the Name box, type zone.
  9. In the Screen box, type ip-timestamp-opt and click OK.
  10. Next to Security zone, click Add new entry.
  11. In the Name box, type zone.
  12. In the Screen box, type ip-security-opt and click OK.
  13. Next to Security zone, click Add new entry.
  14. In the Name box, type zone.
  15. In the Screen box, type ip-stream-opt and click OK.
  16. To save and commit the configuration, click Commit.

CLI Configuration

user@host# set security screen ids-option ip-record-route ip record-route-option
user@host# set security screen ids-option ip-timestamp-opt ip timestamp-option
user@host# set security screen ids-option ip-security-opt ip security-option
user@host# set security screen ids-option ip-stream-opt ip stream-option
user@host# set security zones security-zone zone screen ip-record-route-opt
user@host# set security zones security-zone zone screen ip-timestamp-opt
user@host# set security zones security-zone zone screen ip-security-opt
user@host# set security zones security-zone zone screen ip-stream-opt
[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]