Attackers sometimes configure IP options incorrectly, producing either incomplete or malformed fields. The incorrect formatting is anomalous and potentially harmful to the intended recipient.
Before You Begin
For background information, read Understanding Bad IP Option Protection.
You can use either J-Web or the CLI configuration editor to detect and block IP packets with incorrectly formatted IP options. The specified security zone is the one from which the packets originated.
To configure screens:
To configure zones:
- user@host# set security screen ids-option ip-bad-option ip bad-option
- user@host# set security zones security-zone zone screen ip-bad-option
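As an added example (not Juniper code and not part of the original topic), the following Python shows the kind of structural checks that expose incomplete or malformed IP options, using the type/length option layout from RFC 791. The function names and sample headers are assumptions constructed for illustration; the exact rules the ip bad-option screen applies are not specified in this topic.

```python
# Added illustration: structural checks on the IPv4 options area (RFC 791 layout).
# Not Junos code; the device's exact validation rules are not given on this page.
EOL, NOP = 0, 1  # single-byte options: End of Option List, No Operation


def check_ip_options(header: bytes):
    """Return a list of problems found in the options of a raw IPv4 header."""
    if len(header) < 20:
        return ["header shorter than 20 bytes"]
    if header[0] >> 4 != 4:
        return ["not an IPv4 header"]
    ihl = (header[0] & 0x0F) * 4           # header length in bytes
    if ihl < 20 or ihl > len(header):
        return [f"IHL {ihl} outside 20..{len(header)}"]

    problems, opts, i = [], header[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:                    # remainder of the area is padding
            break
        if kind == NOP:
            i += 1
            continue
        if i + 1 >= len(opts):             # type byte with no length byte
            problems.append(f"option {kind}: missing length byte")
            break
        length = opts[i + 1]
        if length < 2:                     # length counts the type and length bytes
            problems.append(f"option {kind}: length {length} < 2")
            break
        if i + length > len(opts):         # option data runs past the header
            problems.append(f"option {kind}: length {length} overruns header")
            break
        i += length
    return problems


def build_header(options: bytes) -> bytes:
    """Build a constructed IPv4 header (checksum left at zero) plus options."""
    ihl = (20 + len(options)) // 4
    base = bytes([0x40 | ihl, 0, 0, 20 + len(options), 0, 0, 0, 0,
                  64, 1, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2])
    return base + options


# Constructed samples using documentation addresses (192.0.2.0/24).
GOOD = build_header(bytes([7, 7, 4, 0, 0, 0, 0, 0]))  # Record Route, one slot, EOL
ZERO_LEN = build_header(bytes([7, 0, 0, 0]))           # length byte of 0
OVERRUN = build_header(bytes([7, 11, 4, 0]))           # claims 11 bytes, 4 present
```

`check_ip_options` returns an empty list for a well-formed options area and one message per header otherwise, stopping at the first structural fault because later byte boundaries can no longer be trusted.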