
Dropping Fragmented IP Packets

Fragmented IP packets can carry an attacker's attempt to exploit vulnerabilities in the packet reassembly code of specific IP stack implementations.

Before You Begin

For background information, read Understanding IP Packet Fragment Protection.

To drop fragmented IP packets, use the JUNOS CLI configuration editor. The specified security zone is the one from which the fragments originated.

user@host# set security screen ids-option block-frag ip block-frag
user@host# set security zones security-zone zone screen block-frag
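
As an added illustration (not JUNOS code and not part of the original page), the following Python sketch shows which IPv4 headers a drop-all-fragments policy matches: any packet with the more-fragments bit set or a nonzero fragment offset. The function names and sample headers are constructed for this example, and treating malformed headers as droppable is an assumption.

```python
import struct

MF_FLAG = 0x2000       # "more fragments" bit in the flags/offset word
OFFSET_MASK = 0x1FFF   # fragment offset, in 8-byte units


def build_ipv4_header(ident, mf, offset_units, payload_len=8):
    """Build a constructed 20-byte IPv4 header (checksum left at 0)."""
    flags_off = (MF_FLAG if mf else 0) | (offset_units & OFFSET_MASK)
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len, ident, flags_off,
        64, 17, 0,
        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]),
    )


def classify(packet):
    """Return 'unfragmented', 'first-fragment', 'later-fragment' or 'malformed'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    (flags_off,) = struct.unpack_from("!H", packet, 6)
    more, offset = bool(flags_off & MF_FLAG), flags_off & OFFSET_MASK
    if offset:
        return "later-fragment"
    return "first-fragment" if more else "unfragmented"


def should_drop(packet):
    """Drop-all-fragments policy; malformed headers are dropped too (assumption)."""
    return classify(packet) != "unfragmented"


# Constructed sample headers (documentation address ranges).
SAMPLES = {
    "whole datagram": build_ipv4_header(1, mf=False, offset_units=0),
    "first fragment": build_ipv4_header(2, mf=True, offset_units=0),
    "middle fragment": build_ipv4_header(2, mf=True, offset_units=185),
    "last fragment": build_ipv4_header(2, mf=False, offset_units=370),
    "truncated": b"\x45\x00",
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:16} {classify(pkt):15} drop={should_drop(pkt)}")
```

The last fragment of a datagram has the more-fragments bit clear, so only the nonzero offset identifies it; a check on the flag alone would let it through.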
