Understanding Large ICMP Packet Protection
Internet Control Message Protocol (ICMP) provides error reporting and network probe capabilities. Because ICMP packets contain very short messages, there is no legitimate reason for large ICMP packets. If an ICMP packet is unusually large, something is amiss.
For example, the SRX 210 uses ICMP as a channel for transmitting covert messages. The presence of large ICMP packets might expose a compromised machine acting as an SRX 210 agent. It might also indicate some other kind of questionable activity. See Figure 65.
Figure 65: Blocking Large ICMP Packets
When you enable the large size ICMP packet protection screen option, JUNOS Software drops ICMP packets with a length greater than 1024 bytes.
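The same size check can be reproduced offline when reviewing captured traffic. The following is an added example, not Juniper code: it assumes the 1024-byte limit is compared against the IPv4 total-length field, and the function names, addresses (documentation ranges) and sample packets are constructed for illustration.

```python
import struct

ICMP_PROTO = 1
LARGE_ICMP_THRESHOLD = 1024  # bytes, the limit stated on this page


def build_ipv4_icmp(payload_len, proto=ICMP_PROTO):
    """Constructed sample: 20-byte IPv4 header + ICMP echo request.

    Checksums are left at zero; the classifier below does not verify them.
    """
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"A" * payload_len
    total_len = 20 + len(icmp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + icmp


def classify(packet):
    """Return 'drop' for large ICMP, 'pass' otherwise, 'malformed' if unparsable."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4                      # header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]   # assumed basis for the limit
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        return "malformed"                            # bad header or truncated capture
    if packet[9] != ICMP_PROTO:
        return "pass"                                 # the check only applies to ICMP
    return "drop" if total_len > LARGE_ICMP_THRESHOLD else "pass"


if __name__ == "__main__":
    samples = {
        "ordinary ping (84 bytes)": build_ipv4_icmp(56),
        "exactly 1024 bytes": build_ipv4_icmp(996),
        "1025 bytes": build_ipv4_icmp(997),
        "large UDP (not ICMP)": build_ipv4_icmp(2000, proto=17),
        "truncated capture": build_ipv4_icmp(56)[:30],
    }
    for name, pkt in samples.items():
        print(f"{name}: {classify(pkt)}")
```

A packet of exactly 1024 bytes passes, because the page states that only packets with a length greater than 1024 bytes are dropped.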
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices