
Detecting Packets with Either a Loose or Strict Source Route Option Set

Checking for SYN flags can also prevent attackers from using IP source route options to hide their true address and access restricted areas of a network by specifying a different path. TCP SYN checking is on by default.

Before You Begin

For background information, read Understanding Attacker Evasion Techniques.

You can use either J-Web or the CLI configuration editor to detect and record, but not block, packets with a loose or strict source route option set.

This topic covers the J-Web configuration and the CLI configuration.

J-Web Configuration

To configure screens:

  1. Select CLI Tools>Point and Click CLI.
  2. Next to Security, click Edit.
  3. Next to Screen, click Edit.
  4. Next to Ids option, click Add new entry.
  5. In the Name box, type ip-loose-src-route.
  6. Next to Ip, click Configure.
  7. Next to loose source route option, select the check box and click OK.
  8. Next to Ip, click Edit.
  9. Next to ip strict src route, select the check box and click OK.
  10. To save and commit the configuration, click Commit.

To configure zones:

  1. Select CLI Tools>Point and Click CLI.
  2. Next to Security, click Edit.
  3. Next to Zones, click Edit.
  4. Next to Security zone, click Add new entry.
  5. In the Name box, type zone.
  6. In the Screen box, type ip-strict-src-route and click OK.
  7. To save and commit the configuration, click Commit.

CLI Configuration

user@host# set security screen ids-option ip-loose-src-route ip loose-source-route-option
user@host# set security screen ids-option ip-strict-src-route ip strict-source-route-option
user@host# set security zones security-zone zone screen ip-strict-src-route
