Understanding Unknown Protocol Protection
Based on RFC 1700, the protocol types with ID numbers of 137 or greater are reserved and undefined at this time. Precisely because these protocols are undefined, there is no way to know in advance if a particular unknown protocol is benign or malicious.
Unless your network makes use of a nonstandard protocol with an ID number of 137 or greater, a cautious stance is to block such unknown elements from entering your protected network. See Figure 69.
Figure 69: Unknown Protocols

When you enable the unknown protocol protection screen option, Junos OS by default drops packets whose protocol field contains a protocol ID number of 137 or greater.

Note: When you enable the unknown protocol protection screen option for the IPv6 protocol, Junos OS by default drops packets whose protocol field contains a protocol ID number of 139 or greater.
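The default thresholds described above can be modeled offline to check which packets in a capture would fall into the unknown range. This is an added example, not Junos OS code; the function names are hypothetical, the sample packets are constructed, and for IPv6 it assumes the Next Header field of the fixed header is the field being tested.

```python
import struct

# Default thresholds stated on this page: IDs at or above these are dropped.
IPV4_UNKNOWN_MIN = 137
IPV6_UNKNOWN_MIN = 139


def protocol_id(packet: bytes) -> tuple[int, int]:
    """Return (ip_version, protocol_id) from a raw IP packet."""
    if not packet:
        raise ValueError("empty packet")
    version = packet[0] >> 4
    if version == 4:  # Protocol field is byte 9 of the IPv4 header
        ihl = (packet[0] & 0x0F) * 4
        if ihl < 20 or len(packet) < ihl:
            raise ValueError("truncated or malformed IPv4 header")
        return 4, packet[9]
    if version == 6:  # Next Header is byte 6; extension chains are not walked (assumption)
        if len(packet) < 40:
            raise ValueError("truncated IPv6 header")
        return 6, packet[6]
    raise ValueError(f"unsupported IP version {version}")


def screen_verdict(packet: bytes) -> str:
    """'drop' if the protocol ID is in the unknown range, else 'permit'."""
    version, proto = protocol_id(packet)
    limit = IPV4_UNKNOWN_MIN if version == 4 else IPV6_UNKNOWN_MIN
    return "drop" if proto >= limit else "permit"


def ipv4(proto: int) -> bytes:
    """Constructed 20-byte IPv4 header (documentation addresses, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))


def ipv6(next_header: int) -> bytes:
    """Constructed 40-byte IPv6 fixed header (2001:db8::/32 addresses)."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB16s16s", 6 << 28, 0, next_header, 64, src, dst)


if __name__ == "__main__":
    for pkt in (ipv4(6), ipv4(136), ipv4(137), ipv6(138), ipv6(139)):
        print(protocol_id(pkt), screen_verdict(pkt))
```

Running the same check over traffic from a trusted segment before enabling the screen shows whether any nonstandard protocol in use would be dropped.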
Related Topics
- Junos OS Feature Support Reference for SRX Series and J Series Devices
