show security screen ids-option
Syntax
show security screen ids-option screen-name <node ( node-id | all | local | primary)>
Release Information
Command introduced in Release 8.5 of JUNOS software; node options added in Release 9.0 of JUNOS software.
Description
Display configuration information about the specified security screen. This command is supported on J-series and SRX-series devices.
Options
screen-name —Name of the screen.
node—(Optional) For chassis cluster configurations, display the configuration status of the security screen on a specific node.
- node-id —Identification number of the node. It can be 0 or 1.
- all—Display information about all nodes.
- local—Display information about the local node.
- primary—Display information about the primary node.
Required Privilege Level
view
Related Topics
ids-option
List of Sample Output
show security screen ids-option jscreen
show security screen ids-option jscreen1 node all
Output Fields
Table 92 lists the output fields for the show security screen ids-option command. Output fields are listed in the approximate order in which they appear.
Table 92: show security screen ids-option Output Fields
Field Name | Field Description
TCP port scan threshold | Number of microseconds during which the device accepts packets from the same remote source with up to 10 different port numbers.
ICMP address sweep threshold | Maximum number of microseconds during which up to 10 ICMP echo requests from the same host are allowed into the device.
UDP flood threshold | Number of UDP packets per second allowed to ping the same destination address before the device rejects further UDP packets.
TCP winnuke | Enable or disable the detection of Transmission Control Protocol (TCP) WinNuke attacks.
TCP SYN flood attack threshold | Number of SYN packets per second required to trigger the SYN proxy response.
TCP SYN flood alarm threshold | Number of half-complete proxy connections per second at which the device makes entries in the event alarm log.
TCP SYN flood source threshold | Number of SYN segments to be received per second before the device starts dropping connection requests.
TCP SYN flood destination threshold | Number of SYN segments received per second before the device begins dropping connection requests.
TCP SYN flood timeout | Maximum length of time before a half-completed connection is dropped from the queue.
TCP SYN flood queue size | Number of proxy connection requests that can be held in the proxy connection queue before the device starts rejecting new connection requests.
ICMP large packet | Enable or disable the detection of any ICMP frame with an IP length greater than 1024 bytes.
show security screen ids-option jscreen
user@host> show security screen ids-option jscreen
Screen object status:
Name                                         Value
TCP port scan threshold                      5000
ICMP address sweep threshold                 5000
show security screen ids-option jscreen1 node all
user@host> show security screen ids-option jscreen1 node all
node0:
--------------------------------------------------------------------------
Screen object status:
Name                                         Value
UDP flood threshold                          1000
TCP winnuke                                  enabled
TCP SYN flood attack threshold               200
TCP SYN flood alarm threshold                512
TCP SYN flood source threshold               4000
TCP SYN flood destination threshold          4000
TCP SYN flood timeout                        20
TCP SYN flood queue size                     1024
ICMP large packet                            enabled
node1:
--------------------------------------------------------------------------
Screen object status:
Name                                         Value
UDP flood threshold                          1000
TCP winnuke                                  enabled
TCP SYN flood attack threshold               200
TCP SYN flood alarm threshold                512
TCP SYN flood source threshold               4000
TCP SYN flood destination threshold          4000
TCP SYN flood timeout                        20
TCP SYN flood queue size                     1024
ICMP large packet                            enabled