ping-death (IDS Screen Next Gen Services)
Statement introduced in Junos OS Release 19.3R2 on MX Series routers (MX240, MX480 and MX960) running Next Gen Services with the MX-SPC3 services card.
Identify and drop oversized and irregular ICMP packets, which protects against the ping of death attack. In the ping of death attack, the attacker sends the target ping packets whose IP datagram length (ip_len) exceeds the maximum legal length (65,535 bytes) for IP packets, and the packets are fragmented. When the target attempts to reassemble the IP packets, a buffer overflow might occur, resulting in system crashing, freezing, and restarting.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.