Example: Detecting Packets That Use IP Options for Reconnaissance (CLI)
The following example shows how to configure the ip-record-route, ip-timestamp-opt, ip-security-opt, and ip-stream-opt screens to detect packets with the record route, timestamp, security, and stream ID IP options set. The screens are enabled in the zone security zone.
To detect packets with the record route, timestamp, security, and stream ID IP options set:
Configure the ip-record-route, ip-timestamp-opt, ip-security-opt, and ip-stream-opt screens:
Note: Currently, these screen options are applicable only to IPv4.
user@host#set security screen ids-option ip-record-route ip record-route-option user@host#set security screen ids-option ip-timestamp-opt ip timestamp-option user@host#set security screen ids-option ip-security-opt ip security-option user@host#set security screen ids-option ip-stream-opt ip stream-optionEnable the screens in the zone security zone:
user@host#set security zones security-zone zone screen ip-record-route-opt user@host#set security zones security-zone zone screen ip-timestamp-opt user@host#set security zones security-zone zone screen ip-security-opt user@host#set security zones security-zone zone screen ip-stream-opt
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices