Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

ping-death (IDS Screen Next Gen Services)

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 19.3R2 on MX Series routers (MX240, MX480 and MX960) running Next Gen Services with the MX-SPC3 services card.

Description

Identify and drop oversized and irregular ICMP packets, which protects against the ping of death attack. In the ping of death attack, the attacker sends the target ping packets whose IP datagram length (ip_len) exceeds the maximum legal length (65,535 bytes) for IP packets, and the packets are fragmented. When the target attempts to reassemble the IP packets, a buffer overflow might occur, resulting in system crashing, freezing, and restarting.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.