-
ids-option screen-name {
-
- alarm-without-drop;
-
- icmp {
-
- flood {
- threshold number ;
- }
- fragment;
-
- ip-sweep {
- threshold number ;
- }
- large;
- ping-death;
- }
-
- ip {
- bad-option;
- block-frag;
- loose-source-route-option;
- record-route-option;
- security-option;
- source-route-option;
- spoofing;
- stream-option;
- strict-source-route-option;
- tear-drop;
- timestamp-option;
- unknown-protocol;
- }
-
- limit-session {
- destination-ip-based number
;
- source-ip-based number ;
- }
-
- tcp {
- fin-no-ack;
- land;
-
- port-scan {
- threshold number ;
- }
-
- syn-ack-ack-proxy {
- threshold number ;
- }
- syn-fin;
-
- syn-flood {
- alarm-threshold number ;
- attack-threshold number ;
- destination-threshold number
;
- source-threshold number ;
- timeout
seconds ;
- }
- syn-frag;
- tcp-no-flag;
- winnuke;
- }
-
- udp {
-
- flood {
- threshold number ;
- }
- }
- }
- }
- [edit security screen]
Statement introduced in Release 8.5 of JUNOS software.
Define screens for intrusion detection and prevention.
This statement is supported on J-series and SRX-series devices.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.