[ScreenOS] IPv6 neighbor solicitation messages from the '::' source are dropped by IP spoofing

Article ID: KB22760 KB Last Updated: 07 Mar 2012 Version: 1.0
Summary:
This article describes how IPv6 neighbor solicitation messages sent from the unspecified source address (::) are dropped by IP spoofing.
Symptoms:
IPv6 neighbor solicitation messages from the :: source are dropped by IP spoofing.
Cause:
When IP spoofing is enabled, packets coming from the :: source IPv6 address are detected as spoofed and dropped.

RFC4862 describes:

"Neighbor Solicitation Duplicate address discovery should come from an unspecified source (which is ::) as ICMPv6."

The following excerpt is from the get event output:

2011-12-27 10:23:22 system alert 00008 IP spoofing! From :: to fe80::202:b3ff:e4d5, proto 58 (zone Trust, int ethernet1/0). Occurred 1 times.
2011-12-27 10:23:18 system alert 00008 IP spoofing! From :: to fe80::202:b3ff:e4d5, proto 58 (zone Trust, int ethernet1/0). Occurred 1 times.
2011-12-27 10:23:17 system alert 00008 IP spoofing! From :: to ff02::16, proto 58 (zone Trust, int ethernet1/0). Occurred 1 times.

Reason for the issue:

For screen IP spoofing, the packet's source IP address must be reachable through a route entry; otherwise the packet is dropped. However, an IPv6 NDP packet may be sent with the unspecified address (::) as its source IP address. The unspecified address is not found in the route table, so the packet is treated as IP spoofing and dropped.


Solution:
For screen IP spoofing, do not perform the check for unspecified IPv6 addresses.
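
When reviewing exported event logs, the alerts caused by this behavior can be separated from other IP spoofing alerts by their source and protocol. The following triage script is an added example, not Juniper code; it assumes the log line layout shown in the excerpt above, and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re

# Field layout follows the "get event" lines quoted in this article.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) system alert 00008 "
    r"IP spoofing! From (?P<src>\S+) to (?P<dst>[^,\s]+), proto (?P<proto>\d+) "
    r"\(zone (?P<zone>[^,]+), int (?P<intf>[^)]+)\)"
)
ICMPV6 = 58  # IPv6 next-header value for ICMPv6

# Lines 1-3 are from the article; lines 4-5 are constructed for illustration.
SAMPLE = [
    "2011-12-27 10:23:22 system alert 00008 IP spoofing! From :: to fe80::202:b3ff:e4d5, proto 58 (zone Trust, int ethernet1/0). Occurred 1 times.",
    "2011-12-27 10:23:18 system alert 00008 IP spoofing! From :: to fe80::202:b3ff:e4d5, proto 58 (zone Trust, int ethernet1/0). Occurred 1 times.",
    "2011-12-27 10:23:17 system alert 00008 IP spoofing! From :: to ff02::16, proto 58 (zone Trust, int ethernet1/0). Occurred 1 times.",
    "2011-12-27 10:24:05 system alert 00008 IP spoofing! From 2001:db8::99 to 2001:db8:1::10, proto 6 (zone Trust, int ethernet1/0). Occurred 1 times.",
    "2011-12-27 10:24:09 system alert 00008 IP spoofing! From :: to 2001:db8:1::10, proto 17 (zone Trust, int ethernet1/0). Occurred 1 times.",
]


def classify(line):
    """Return (verdict, fields) for one event line, or None if not a spoof alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    try:
        src = ipaddress.ip_address(f["src"])
    except ValueError:
        return ("review", f)  # unparsable source: leave for an analyst
    # DAD traffic uses the unspecified source (::) over ICMPv6. The log carries
    # no ICMPv6 type, so this verdict is a likelihood, not proof.
    if src.version == 6 and src.is_unspecified and int(f["proto"]) == ICMPV6:
        return ("likely-dad", f)
    return ("review", f)


def triage(lines):
    """Count verdicts and collect the alerts that still need review."""
    results = [r for r in map(classify, lines) if r is not None]
    review = [f for verdict, f in results if verdict == "review"]
    return {"likely-dad": len(results) - len(review), "review": len(review)}, review


if __name__ == "__main__":
    print(triage(SAMPLE))
```

An unspecified source on a protocol other than ICMPv6 stays in the review set, because the exception described in this article applies only to neighbor discovery traffic.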