Blocking Packets with Either a Loose or Strict Source Route Option Set

Checking for SYN flags can prevent attackers from using IP source route options to hide their true address and access restricted areas of a network by specifying a different path. TCP SYN checking is on by default.

You can use either J-Web or the CLI configuration editor to block packets with either a loose or strict source route option set. The specified security zone is the one from which the packets originated.

This topic covers:

• J-Web Configuration
• CLI Configuration
• Related Topics

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.