Navigation
Supported Platforms
syn-flood-protection-mode
Syntax
syn-flood-protection-mode (syn-cookie | syn-proxy);
Hierarchy Level
[edit security flow]
Release Information
Statement introduced in Release 8.5 of Junos OS; support for IPv6 addresses added in Release 10.4 of Junos OS.
Description
Enable SYN cookie or SYN proxy defenses against SYN attacks. SYN flood protection mode is enabled globally on the device and is activated when the configured syn-flood attack-threshold value is exceeded.
Options
- syn-cookie—Uses a cryptographic hash to generate a unique Initial Sequence Number (ISN). This is enabled by default.
- syn-proxy—Uses a proxy to handle the SYN attack.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
