Example: Blocking IP Address Sweeps

This example describes how to configure a screen to block an IP address sweep originating from a security zone.

Requirements

Before you begin:

  1. Understand how IP address sweeps work. See Understanding IP Address Sweeps.
  2. Configure security zones. See Security Zones and Interfaces Overview.

Overview

You need to enable a screen for a security zone if you have configured a policy that permits ICMP traffic from that zone. If you have not configured such a policy, then your system denies all ICMP traffic from that zone, and the attacker cannot perform an IP address sweep successfully anyway.

In this example, you configure a screen named 5000-ip-sweep to block IP address sweeps originating in the zone-1 security zone.

Configuration

Step-by-Step Procedure

To configure a screen to block IP address sweeps:

  1. Configure a screen.
    [edit]
    user@host# set security screen ids-option 5000-ip-sweep icmp ip-sweep threshold 5000
  2. Enable the screen in the security zone.
    [edit]
    user@host# set security zones security-zone zone-1 screen 5000-ip-sweep
  3. If you are done configuring the device, commit the configuration.
    [edit]
    user@host# commit

Verification

To verify that the configuration is working properly, enter the show security zones command.
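
The condition stated in the Overview (a zone needs the screen when a policy permits ICMP traffic from it) can also be checked offline against a saved configuration. The following Python script is an added example, not part of the original Juniper documentation; the sample configuration is constructed, zone-2 and zone-3 are hypothetical, and the set of application names treated as permitting ICMP is an assumption to extend for custom applications.

```python
import re

# Applications treated as permitting ICMP (assumption: add custom ICMP apps).
ICMP_APPS = {"any", "junos-icmp-all", "junos-icmp-ping"}

# Constructed sample in "display set" format; zone-2 and zone-3 are hypothetical.
SAMPLE_CONFIG = """\
set security screen ids-option 5000-ip-sweep icmp ip-sweep threshold 5000
set security screen ids-option syn-only tcp syn-flood alarm-threshold 1024
set security zones security-zone zone-1 screen 5000-ip-sweep
set security zones security-zone zone-2 screen syn-only
set security policies from-zone zone-1 to-zone zone-3 policy allow-ping match application junos-icmp-ping
set security policies from-zone zone-1 to-zone zone-3 policy allow-ping then permit
set security policies from-zone zone-2 to-zone zone-3 policy allow-any match application any
set security policies from-zone zone-2 to-zone zone-3 policy allow-any then permit
set security policies from-zone zone-3 to-zone zone-1 policy web match application junos-http
set security policies from-zone zone-3 to-zone zone-1 policy web then permit
"""

SCREEN = re.compile(r"set security screen ids-option (\S+) icmp ip-sweep threshold (\d+)")
ZONE = re.compile(r"set security zones security-zone (\S+) screen (\S+)")
POLICY = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
                    r"(match application|then) (\S+)")

def audit_ip_sweep(config_text):
    """Return {zone: [policies]} where ICMP is permitted from a zone lacking an ip-sweep screen."""
    sweep, attached, apps, permits = set(), {}, {}, set()
    for line in config_text.splitlines():
        line = line.strip()
        if m := SCREEN.match(line):
            sweep.add(m.group(1))                 # screen that defines icmp ip-sweep
        elif m := ZONE.match(line):
            attached[m.group(1)] = m.group(2)     # zone -> screen applied to it
        elif m := POLICY.match(line):
            src, dst, policy, kind, value = m.groups()
            if kind == "then" and value == "permit":
                permits.add((src, dst, policy))
            elif kind == "match application":
                apps.setdefault((src, dst, policy), set()).add(value)
    findings = {}
    for key in sorted(permits):
        zone = key[0]                             # screens apply to the source zone
        if apps.get(key, set()) & ICMP_APPS and attached.get(zone) not in sweep:
            findings.setdefault(zone, []).append(key[2])
    return findings

if __name__ == "__main__":
    for zone, policies in audit_ip_sweep(SAMPLE_CONFIG).items():
        print(f"{zone}: ICMP permitted by {policies} but no ip-sweep screen attached")
```

To run it against a real device, replace SAMPLE_CONFIG with the output of show configuration | display set.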
