
How Does a NetScreen Device Handle Record Route Packet?


Article ID: KB6969 KB Last Updated: 20 Aug 2010 Version: 4.0
Summary:
How Does a NetScreen Device Handle Record Route Packet?
Symptoms:

Environment:

  • Record Route Option
  • SCREEN Counters
  • Screen Option
  • IP Options 7
  • Screen Counter

Symptoms & Errors:

  • Record Route Packet is not dropped when the Screen option is selected
  • No event notification is logged when Record Route Packet is detected
  • Record Route Option is checked on SCREEN Option
Solution:

By default, the NetScreen device detects packets where the IP option is 7 (Record Route) and records the event in the Screen counters list for the ingress interface. The packets are not dropped, and no event notification is logged. The only visible effect is that the Screen counter increases each time a Record Route packet is detected. However, the network administrator can enable SNMP to monitor this event.
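The detect-and-count behaviour described above can be modelled as follows. This is an added example, not Juniper code: it parses the IPv4 header options per RFC 791, counts option type 7 per ingress interface, and never drops. The function names, the counter label, the interface name `ethernet1` and the sample packets are assumptions made up for the illustration.

```python
import struct
from collections import Counter

IPOPT_EOL, IPOPT_NOP, IPOPT_RR = 0, 1, 7  # RFC 791 option types

def ip_options(packet: bytes):
    """Yield (type, data) for each option in an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad header length")
    opts, i = packet[20:ihl], 0
    while i < len(opts):
        otype = opts[i]
        if otype == IPOPT_EOL:            # end of option list
            return
        if otype == IPOPT_NOP:            # one-byte padding option
            i += 1
            continue
        # Every other option carries a length byte covering type+len+data.
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        olen = opts[i + 1]
        yield otype, opts[i + 2:i + olen]
        i += olen

# Hypothetical stand-in for the per-interface Screen counters list.
screen_counters = Counter()

def screen(interface: str, packet: bytes) -> str:
    """Count Record Route packets on the ingress interface; always forward."""
    if any(t == IPOPT_RR for t, _ in ip_options(packet)):
        screen_counters[(interface, "ip-record-route")] += 1
    return "forward"                      # detection only: no drop, no event log

def build_header(options: bytes = b"") -> bytes:
    """Constructed sample IPv4 header (documentation addresses, checksum left 0)."""
    options += b"\x00" * (-len(options) % 4)      # pad to a 32-bit boundary
    ihl = (20 + len(options)) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                       0, 0, 64, 1, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 1])) + options

if __name__ == "__main__":
    # Record Route option: type 7, length 7, pointer 4, one empty address slot.
    print(screen("ethernet1", build_header(bytes([7, 7, 4, 0, 0, 0, 0]))))
    print(dict(screen_counters))
```

Because the verdict is always `forward`, the counter is the only trace of the packet, which is why polling it (for example over SNMP, as noted above) is the way to see these events.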

To enable the Record Route option, perform the following steps:

Open the WebUI. For more information on accessing the WebUI, go to Accessing Your NetScreen Using the WebUI.

From the NetScreen options menu, click Screening, and then click Screen.


Under Protocol Anomaly Reports -- IP Option Anomalies, click to select IP Record Route Option Detection.


Additional Information:

There is a documentation error in the ScreenOS 4.0 CLI user manual, which reads as follows:

ip-record-route Discards all frames with the Record Route option enabled. With the Record Route option enabled, attackers might access information concerning the path between the attacker and the target device, thus gaining information about the protected network.

This error is corrected in the new release of the ScreenOS 5.0 documents and is scheduled to be revised in the ScreenOS 4.0 CLI user guide.


