Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] What is 'ICMP Ping ID Zero Protection' Screen Protection?

0

0

Article ID: KB8342 KB Last Updated: 03 Sep 2020Version: 7.0
Summary:

Understanding 'ICMP Ping ID Zero Protection' Screen Protection.

Solution:

The ICMP header has the following information:

    Type: 8 (Echo (ping) request)
    Code: 0
    Checksum: 0xd455 [correct]
    Identifier: 0x0300
    Sequence number: 0x7606
    Data (32 bytes)

The Screen Options 'ICMP Ping ID Zero protection' will drop packets if either a Echo Request or Echo Reply packet is received with Identifier as Zero.  The Identifier and Sequence Number is used to match ICMP sessions on the firewall.

Below is the packet dump from the sniffer trace with good ICMP packet:

Ethernet II, Src: Ibm_76:5d:03 (00:0d:60:76:5d:03), Dst: IETF-VRRP-virtual-router-VRID_1c (00:00:5e:00:01:1c)
    Destination: IETF-VRRP-virtual-router-VRID_1c (00:00:5e:00:01:1c)
    Source: Ibm_76:5d:03 (00:0d:60:76:5d:03)
    Type: IP (0x0800)

Internet Protocol, Src: 172.24.28.170 (172.24.28.170), Dst: 172.19.51.188 (172.19.51.188)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 60
    Identification: 0x16b1 (5809)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: ICMP (0x01)
    Header checksum: 0x7b7e [correct]
        Good: True
        Bad : False
    Source: 172.24.28.170 (172.24.28.170)
    Destination: 172.19.51.188 (172.19.51.188)

Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0
    Checksum: 0xd455 [correct]
    Identifier: 0x0300
    Sequence number: 0x7606
    Data (32 bytes)

 

Modification History:
2020-09-03: Article reviewed for accuracy. Non-technical changes done.
2019-05-06: Content reviewed for accuracy
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search