[j-nsp] Protect-re

jjsyed at aol.com jjsyed at aol.com
Sun Feb 1 14:52:24 EST 2015


Hello Guys,

quick questions , AFAIK, there was some kind security alert issued long time ago dont remember exactly when , but we were told that to use below configuration in RE filter to protect the RE resources...i like to know if it is still valid threat and if somebody can shed some light why it is important to have it in filter?

 term first-icmp-frag {
                from {
                    first-fragment;
                    protocol icmp;
                }
                then {
                    count icmp-fragment-discards;
            log 
                    discard;
                }
            }
            term next-icmp-frag {
                from {
                    is-fragment;
                    protocol icmp;
                }
                then {
                    count icmp-fragment-discards;
            log 

 

 

 

-----Original Message-----
From: sthaug <sthaug at nethelp.no>
To: tmikolajek <tmikolajek at gmail.com>
Cc: juniper-nsp <juniper-nsp at puck.nether.net>
Sent: Thu, Nov 27, 2014 1:51 am
Subject: Re: [j-nsp] Protect-re


> http://www.juniper.net/us/en/training/jnbooks/day-one/fundamentals-series/securing-routing-engine/

Also worth looking at: http://www.team-cymru.org/ReadingRoom/Templates/

Steinar Haug, Nethelp consulting, sthaug at nethelp.no
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

 


More information about the juniper-nsp mailing list