Navigation
Related Documentation
- EX, M, MX, PTX, SRX, T Series
- tcp-drop-synfin-set
- M, MX, T Series
- Configuring the Junos OS to Disable TCP RFC 1323 Extensions
- M, MX, PTX, QFX, T Series
- Configuring the Junos OS to Extend the Default Port Address Range
Configuring the Junos OS to Enable the Router or Switch to Drop Packets with the SYN and FIN Bits Set
By default, the router or switch accepts packets that have both the SYN and FIN bits set in the TCP flag. You can configure the router or switch to drop packets with both the SYN and FIN bits set. Accepting packets with the SYN and FIN bits set can result in security vulnerabilities, such as denial-of-service attacks. To configure the router or switch to drop such packets, include the tcp-drop-synfin-set statement at the [edit system internet-options] hierarchy level:
[edit system internet-options]tcp-drop-synfin-set;
Related Documentation
- EX, M, MX, PTX, SRX, T Series
- tcp-drop-synfin-set
- M, MX, T Series
- Configuring the Junos OS to Disable TCP RFC 1323 Extensions
- M, MX, PTX, QFX, T Series
- Configuring the Junos OS to Extend the Default Port Address Range
Published: 2013-02-22
Related Documentation
- EX, M, MX, PTX, SRX, T Series
- tcp-drop-synfin-set
- M, MX, T Series
- Configuring the Junos OS to Disable TCP RFC 1323 Extensions
- M, MX, PTX, QFX, T Series
- Configuring the Junos OS to Extend the Default Port Address Range
