Block Trivial File Transfer Protocol (TFTP) access, logging any attempts to establish TFTP connections:

    [edit]
    firewall {
        family inet {
            filter tftp-access-control {
                term one {
                    from {
                        protocol udp;
                        port tftp;
                    }
                    then {
                        log;
                        discard;
                    }
                }
            }
        }
    }

By default, to decrease vulnerability to denial-of-service (DoS) attacks, the JUNOS software filters and discards Dynamic Host Configuration Protocol (DHCP) or Bootstrap Protocol (BOOTP) packets that have a source address of 0.0.0.0 and a destination address of 255.255.255.255. This default filter is known as a unicast RPF check. However, some vendors' equipment automatically accepts these packets. To interoperate with other vendors' equipment, you can configure a filter that checks for both these addresses and overrides the default RPF-check filter by accepting these packets.
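
One way to write the filter described above, as an added example rather than configuration from the original page. The filter name `rpf-dhcp`, the term name `dhcp-bootp` and the interface `ge-0/0/0` are assumptions; the filter is attached as the fail filter of the interface's RPF check, so it is evaluated only for packets that fail that check.

```junos
/* Added example; filter, term and interface names are hypothetical. */
firewall {
    family inet {
        filter rpf-dhcp {
            /* Match only the DHCP/BOOTP broadcast case named in the text:
               source 0.0.0.0 and destination 255.255.255.255. */
            term dhcp-bootp {
                from {
                    source-address {
                        0.0.0.0/32;
                    }
                    destination-address {
                        255.255.255.255/32;
                    }
                }
                then {
                    accept;
                }
            }
            /* No further terms: every other packet that fails the RPF
               check falls through to the filter's implicit discard. */
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                /* Enable unicast RPF and hand failing packets to the filter. */
                rpf-check {
                    fail-filter rpf-dhcp;
                }
            }
        }
    }
}
```

Keeping both match conditions at /32 limits the override to this one address pair, so the RPF check continues to drop other packets with unverifiable source addresses.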