Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Default Reject Rules for Source Address Spoofing

    The following guidelines describe when to configure the default reject rules for source address spoofing:

    • When the source address is equal to the address of the network interface where the network packet was received.
    • When the source address does not belong to the networks associated with the network interface where the network packet was received.
    • When the source address is defined as being on a broadcast network.
    • Before you begin, log in with your root account on a Junos OS device running Junos OS Release 12.1X46-D20 and edit the configuration.

    Note: You can enter the configuration commands in any order and commit all the commands at once.

    To configure default reject rules to log source address spoofing:

    1. Configure the security screen features and enable the IP address spoofing IDS option.
      [edit]user@host# set security screen ids-option trustScreen ip spoofing
    2. Specify the name of the security zone and the IDS option object applied to the zone.
      [edit]user@host# set security zones security-zone trustZone screen trustScreen

    Modified: 2014-05-28