Example: Blocking IP Spoofing

This example shows how to configure a screen to block IP spoof attacks.

Requirements

Before you begin, understand how IP spoofing works. See Understanding IP Spoofing.

Overview

One method of attempting to gain access to a restricted area of a network is to insert a bogus source address in the packet header to make the packet appear to come from a trusted source. This technique is called IP spoofing.

In this example, you configure a screen called screen-1 to block IP spoof attacks and enable the screen in the zone-1 security zone.

Configuration

Step-by-Step Procedure

To block IP spoofing:

  1. Configure the screen.
    [edit]
    user@host# set security screen ids-option screen-1 ip spoofing
  2. Enable the screen in the security zone.
    [edit]
    user@host# set security zones security-zone zone-1 screen screen-1
  3. If you are done configuring the device, commit the configuration.
    [edit]
    user@host# commit

Verification

To verify the configuration is working properly, enter the show security screen command.
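
As an added example (not part of the original documentation), the following Python script audits set-format configuration text, such as the output of show configuration security | display set, and reports which security zones have a screen with ip spoofing bound to them. The sample configuration is constructed; zone-2, zone-3, screen-2, the interface names, and the function name audit_spoofing_screens are assumptions made for illustration.

```python
import re

# Constructed sample in "display set" format. screen-1 and zone-1 come from
# the procedure above; zone-2, zone-3 and screen-2 are hypothetical and are
# included to show the two failure cases.
SAMPLE_CONFIG = """\
set security screen ids-option screen-1 ip spoofing
set security screen ids-option screen-2 icmp ping-death
set security zones security-zone zone-1 screen screen-1
set security zones security-zone zone-1 interfaces ge-0/0/0.0
set security zones security-zone zone-2 screen screen-2
set security zones security-zone zone-2 interfaces ge-0/0/1.0
set security zones security-zone zone-3 interfaces ge-0/0/2.0
"""

SPOOF_RE = re.compile(r"^set security screen ids-option (\S+) ip spoofing\s*$")
ZONE_RE = re.compile(r"^set security zones security-zone (\S+)(?: (.*))?$")
BIND_RE = re.compile(r"^screen (\S+)\s*$")


def audit_spoofing_screens(config_text):
    """Map each zone to 'protected', 'no-screen' or 'screen-without-spoofing'."""
    spoof_screens = set()   # ids-option names that enable ip spoofing
    zone_screen = {}        # zone name -> bound screen name, or None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = SPOOF_RE.match(line)
        if m:
            spoof_screens.add(m.group(1))
            continue
        m = ZONE_RE.match(line)
        if m:
            zone, rest = m.group(1), m.group(2) or ""
            zone_screen.setdefault(zone, None)   # record zone even if unbound
            bind = BIND_RE.match(rest)
            if bind:
                zone_screen[zone] = bind.group(1)
    result = {}
    for zone, screen in zone_screen.items():
        if screen is None:
            result[zone] = "no-screen"
        elif screen in spoof_screens:
            result[zone] = "protected"
        else:
            result[zone] = "screen-without-spoofing"
    return result


if __name__ == "__main__":
    for zone, status in sorted(audit_spoofing_screens(SAMPLE_CONFIG).items()):
        print(f"{zone}: {status}")
```

A zone reported as screen-without-spoofing has a screen bound, but that screen's ids-option does not include ip spoofing, so the binding in step 2 alone does not give spoof protection.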
