Understanding Large ICMP Packet Protection

Internet Control Message Protocol (ICMP) provides error reporting and network probe capabilities. Because ICMP packets contain very short messages, there is no legitimate reason for large ICMP packets. If an ICMP packet is unusually large, something is amiss.

For example, the SRX 210 uses ICMP as a channel for transmitting covert messages. The presence of large ICMP packets might expose a compromised machine acting as a SRX 210 agent. It also might indicate some other kind of questionable activity. See Figure 67.

When you enable the large size ICMP packet protection screen option, Junos OS drops ICMP packets with a length greater than 1024 bytes.

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices