Protocol types with ID numbers of 137 or greater are reserved and undefined at this time. Therefore, there is no way to know in advance if a particular unknown protocol is benign or malicious.
|
Before You Begin |
|---|
|
For background information, read Understanding Unknown Protocol Protection. |
To drop packets that use an unknown protocol, use the JUNOS CLI configuration editor. The specified security zone is the one from which the packets originates.
- user@host# set security zones security-zone zone screen
unknown-protocol
- user@host# set security screen unknown-protocol ip
unknown-protocol
