[j-nsp] IPv4 Filter for ECN/CWR tcp bit (RFC3168)
Jonas Frey (Probe Networks)
jf at probe-networks.de
Fri Nov 27 08:20:49 EST 2015
I am trying to filter IPv4 traffic based on the tcp-options; in detail, I
am looking to filter for traffic with options CWR and ECN set (RFC3168).
It seems this is not possible on current MX gear running 14.2.
From the docs, Juniper only lists 6 of the current 8 tcp-options
available to filter for:
If a hex value including the ECN or CWR options is specified, the commit
will fail with a dfw bitfield error.
Does anybody have any idea if it's possible to filter for such traffic?
It seems even with MS-MIC this is not possible.
I am asking since we are seeing new types of DDoS attacks using SYN
traffic with ECN and CWR bit set (however with a non-zero ACK window).
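
An added example, not part of the original post: a Python classifier for the traffic described above, decoding the TCP flags byte in which RFC 3168 defines CWR as 0x80 and ECE as 0x40. The function names, label strings and sample packets are constructed here, and reading the post's "non-zero ACK" as a non-zero acknowledgment-number field on a SYN without the ACK flag is an assumption.

```python
import struct

# TCP flag bits in byte 13 of the TCP header (RFC 793 plus RFC 3168).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

def parse_tcp(packet: bytes):
    """Return (flags, ack_number, window) for an IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None                      # not IPv4 or not TCP
    frag = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    ihl = (packet[0] & 0x0F) * 4         # IPv4 options shift the TCP header
    if frag or ihl < 20 or len(packet) < ihl + 20:
        return None                      # non-first fragment or truncated
    ack_no, off_flags, window = struct.unpack_from("!IHH", packet, ihl + 8)
    return off_flags & 0xFF, ack_no, window

def classify(packet: bytes) -> str:
    parsed = parse_tcp(packet)
    if parsed is None:
        return "not-tcp"
    flags, ack_no, _ = parsed
    if flags & (SYN | ACK) != SYN:
        return "other"                   # only initial SYNs are of interest
    if flags & (ECE | CWR) != (ECE | CWR):
        return "plain-syn"
    # SYN+ECE+CWR alone is a legitimate ECN-setup SYN (RFC 3168, section 6.1.1).
    # Assumption: the post's "non-zero ACK" means the ack-number field is set
    # although the ACK flag is clear.
    return "ecn-syn-nonzero-ack" if ack_no else "ecn-setup-syn"

def build(flags, ack_no=0, ip_options=b""):
    """Constructed sample packet (documentation addresses, zero checksums)."""
    ihl = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20, 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, ack_no,
                      (5 << 12) | flags, 8192, 0, 0)
    return ip + ip_options + tcp

if __name__ == "__main__":
    samples = {"ECN-setup SYN": build(SYN | ECE | CWR),
               "ECN SYN, ack field set": build(SYN | ECE | CWR, ack_no=0x1234),
               "ordinary SYN": build(SYN),
               "SYN/ACK with ECE": build(SYN | ACK | ECE)}
    for name, pkt in samples.items():
        print(f"{name:24} flags=0x{parse_tcp(pkt)[0]:02x} -> {classify(pkt)}")
```

Matching on SYN+ECE+CWR alone would also drop legitimate ECN-capable clients, which is why the classifier separates the two cases.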