Because ICMP packets contain very short messages, there is no legitimate reason for large ICMP packets. If an ICMP packet is unusually large, something is wrong.
|
Before You Begin |
|---|
|
For background information, read Understanding Large ICMP Packet Protection. |
To block large ICMP packets, use the JUNOS CLI configuration editor. The specified security zone is the one from which the ICMP packets originated.
- user@host# set security screen icmp-large icmp large
- user@host# set security zones security-zone zone screen
icmp-large
