Junos Security by James Quinn, Timothy Eberhard, Patricio Giecco, Brad Woodberg, Rob Cameron

Basic Denial-of-Service Screens

Let’s start our coverage of defense from the second general category of attacks with a blast from the past. Juniper has also implemented screens for you to use to block many of the popular attacks from the 1990s. Yes, the 1990s. Although these attacks were patched many, many years ago, Juniper wrote screens to protect against them because they do show up as hackers attempt to cash in on a newer generation of network security engineers. For more up-to-date protections against exploits and attacks from this grand decade of the Internet, use of the IPS system is recommended.

Winnuke is a screen that blocks an attack on the Windows 95/NT/3.1 platforms. The Winnuke attack sent out-of-band data to port 139 (NetBIOS) in an attempt to crash the system. You can block Winnuke using the set security screen ids-option untrusted-internet tcp winnuke command.

A second attack from the mid-1990s is the Ping of Death attack. This attack involves sending a ping packet at the maximum possible size, which is 65,535 bytes. Sending a ping packet of this size would cause the end host to crash. To block this attack, use the set security screen ids-option untrusted-internet icmp ping-death command.
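The conditions behind the Winnuke and Ping of Death screens can be written as packet checks. The following Python code is an added example, not code from the book or from Junos; it assumes out-of-band data is signalled by the TCP URG flag and that an oversized ping appears as an ICMP fragment ending past 65,535 bytes. The helper names and all packets are constructed for illustration.

```python
import struct

MAX_IP_DATAGRAM = 65535  # largest datagram the 16-bit IPv4 length field allows

def classify(packet: bytes) -> str:
    """Return 'winnuke', 'ping-death' or 'ok' for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "ok"                        # not IPv4 or truncated header
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "ok"
    total_len, _ident, frag = struct.unpack("!HHH", packet[2:8])
    proto = packet[9]
    frag_offset = (frag & 0x1FFF) * 8      # offset field counts 8-byte units
    # Oversized ping: ICMP fragment whose data ends past 65,535 bytes
    # once the datagram is reassembled.
    if proto == 1 and frag_offset + total_len > MAX_IP_DATAGRAM:
        return "ping-death"
    # Out-of-band data to NetBIOS: TCP URG flag set, destination port 139.
    # Only the first fragment carries the TCP header.
    if proto == 6 and frag_offset == 0 and len(packet) >= ihl + 14:
        dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        if dst_port == 139 and packet[ihl + 13] & 0x20:
            return "winnuke"
    return "ok"

def ipv4(proto: int, payload: bytes, frag_units: int = 0) -> bytes:
    """Constructed IPv4 header (documentation addresses, zero checksum)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                       frag_units, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def tcp(dst_port: int, flags: int) -> bytes:
    """Constructed 20-byte TCP header; flags 0x20 = URG, 0x18 = PSH|ACK."""
    urg_ptr = 1 if flags & 0x20 else 0
    return struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 0x50, flags, 8192, 0, urg_ptr)

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "normal ping": ipv4(1, b"\x08\x00" + bytes(62)),
    "oversized ping fragment": ipv4(1, bytes(100), frag_units=8189),
    "urgent data to 139": ipv4(6, tcp(139, 0x38) + b"x"),
    "plain data to 139": ipv4(6, tcp(139, 0x18) + b"x"),
    "urgent data to 445": ipv4(6, tcp(445, 0x38) + b"x"),
}

def scan(samples: dict) -> dict:
    return {name: classify(pkt) for name, pkt in samples.items()}
```

Run against a packet capture, the same checks show whether these patterns are present on a segment before the screens are enabled.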

A more sophisticated DoS attack from the 1990s that seems to come back to life every now and again is the Teardrop attack. The Teardrop attack was most recently found to crash Windows 7 boxes by attacking the SMB2 protocol. The Teardrop attack is two fragmented packets that ...