SCREEN Options for Detecting IP Options Used For Reconnaissance
The following SCREEN options detect IP options that an attacker can use for reconnaissance or for some unknown but suspect purpose:

Record Route: JUNOS software with enhanced services detects packets where the IP option is 7 (Record Route) and records the event in the SCREEN counters list for the ingress interface.

Timestamp: JUNOS software with enhanced services detects packets where the IP option list includes option 4 (Internet Timestamp) and records the event in the SCREEN counters list for the ingress interface.

Security: JUNOS software with enhanced services detects packets where the IP option is 2 (Security) and records the event in the SCREEN counters list for the ingress interface.

Stream ID: JUNOS software with enhanced services detects packets where the IP option is 8 (Stream ID) and records the event in the SCREEN counters list for the ingress interface.

If a packet with any of the previous IP options is received, JUNOS software with enhanced services flags this as a network reconnaissance attack and records the event for the ingress interface.
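As an added illustration of the detection logic described above (example code written for this page, not JUNOS code), the following walks the IPv4 option list, extracts each option number from the low five bits of the option-type octet, and bumps a per-ingress-interface counter for the four reconnaissance options. The header builder and the interface name ge-0/0/0 are constructed sample input.

```python
from collections import Counter

# IP option numbers (low 5 bits of the option-type octet) that the SCREEN
# options above treat as reconnaissance indicators.
RECON_OPTIONS = {2: "security", 4: "timestamp", 7: "record-route", 8: "stream-id"}


def parse_ip_options(packet: bytes) -> list:
    """Return the option numbers carried in an IPv4 header (RFC 791 layout)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes, 20 if no options
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    opts, numbers, i = packet[20:ihl], [], 0
    while i < len(opts):
        t = opts[i]
        if t == 0:  # End of Option List: nothing further to parse
            break
        if t == 1:  # No Operation: single-octet option with no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option is missing its length octet")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")  # malformed; drop, do not guess
        numbers.append(t & 0x1F)  # copied flag and class bits are not the number
        i += length
    return numbers


def screen(packet: bytes, ingress: str, counters: Counter) -> list:
    """Flag recon IP options and record each hit against the ingress interface."""
    hits = [RECON_OPTIONS[n] for n in parse_ip_options(packet) if n in RECON_OPTIONS]
    for name in hits:
        counters[(ingress, name)] += 1
    return hits


def build_ipv4_header(options: bytes) -> bytes:
    """Constructed sample header (TEST-NET-1 addresses, no payload) with options."""
    options += b"\x00" * (-len(options) % 4)  # pad option list to a 32-bit boundary
    ihl = 5 + len(options) // 4
    hdr = bytes([(4 << 4) | ihl, 0]) + (ihl * 4).to_bytes(2, "big")
    hdr += b"\x00\x00\x00\x00" + bytes([64, 6]) + b"\x00\x00"  # id/frag, TTL, TCP, csum
    return hdr + bytes([192, 0, 2, 1]) + bytes([192, 0, 2, 2]) + options


if __name__ == "__main__":
    counts = Counter()
    # Timestamp (type 0x44 = class 2, number 4) followed by Stream ID (type 0x88)
    pkt = build_ipv4_header(bytes([0x44, 4, 5, 0]) + bytes([0x88, 4, 0, 1]))
    print(screen(pkt, "ge-0/0/0", counts), dict(counts))
```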