You want to more adequately filter traffic that is not coming through the proper interfaces to better prevent spoofing.
Turn on unicast reverse-path forwarding (RPF) on the router:
[edit routing-options]
aviva@router1# set forwarding-table unicast-reverse-path active-paths
Then enable it on the desired interface:
[edit interfaces so-0/0/0 unit 0 family inet]
aviva@router1# set rpf-check
Unicast RPF is an extension of RPF, which is used by IP multicast routing protocols to prevent multicast routing loops. As the name implies, unicast RPF verifies unicast source addresses. When a router receives a packet, unicast RPF performs a route lookup on the source address to determine the interface closest to the source address (the reverse path to the source). If the receiving interface is not the closest interface, the packet is dropped.
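The check described above can be modeled in a few lines. This is an added example, not code from the book or from Junos: the forwarding table, the packets, and every interface name other than so-0/0/0 are constructed, and the model is a simplification of what the router does. It also shows the effect of the active-paths option against feasible-paths, the other value the unicast-reverse-path statement accepts, on legitimate traffic that arrives over a non-best path.

```python
import ipaddress

# Constructed forwarding table: prefix -> (active interface, other feasible interfaces).
# Interface names other than so-0/0/0 are made up for the example.
ROUTES = {
    "10.1.0.0/16": ("so-0/0/0", set()),
    "10.2.0.0/16": ("so-0/0/1", {"so-0/0/0"}),  # multihomed: backup path via so-0/0/0
    "192.0.2.0/24": ("ge-0/1/0", set()),
}
TABLE = {ipaddress.ip_network(p): v for p, v in ROUTES.items()}


def reverse_path(src):
    """Longest-prefix match on the source address; None if no route covers it."""
    addr = ipaddress.ip_address(src)
    matches = [n for n in TABLE if addr in n]
    if not matches:
        return None
    return TABLE[max(matches, key=lambda n: n.prefixlen)]


def rpf_check(src, in_iface, mode="active-paths"):
    """Return True to forward the packet, False to drop it."""
    entry = reverse_path(src)
    if entry is None:
        return False            # no route back to the source: treat as spoofed
    active, feasible = entry
    allowed = {active}
    if mode == "feasible-paths":
        allowed |= feasible     # also accept interfaces of non-best paths
    return in_iface in allowed


if __name__ == "__main__":
    # Constructed packets: (source address, receiving interface)
    packets = [
        ("10.1.5.9", "so-0/0/0"),      # arrives on its reverse path
        ("10.1.5.9", "ge-0/1/0"),      # claims 10.1/16 but arrives elsewhere
        ("10.2.7.1", "so-0/0/0"),      # legitimate but asymmetric
        ("203.0.113.50", "so-0/0/0"),  # no route to the source
    ]
    for src, iface in packets:
        for mode in ("active-paths", "feasible-paths"):
            verdict = "forward" if rpf_check(src, iface, mode) else "drop"
            print(f"{src:>14} in {iface:<9} {mode:<15} {verdict}")
```

The third packet is the case to check before enabling the feature on a multihomed or asymmetrically routed interface: under active-paths it is dropped even though its source address is genuine.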
Unicast RPF is one mechanism for dealing with address-spoofing DoS attacks. In these attacks, an intruder floods its target with packets that contain a spoofed source address, essentially impersonating another system's IP address. The flooding results in a DoS at the target, and because the source address is spoofed, the true source of the traffic is difficult to trace. UDP applications are more vulnerable to spoofing attacks than TCP applications because, though TCP uses sequence numbers and handshakes that require more than a single packet to establish and maintain ...