[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

syn-ack-ack-proxy

Syntax

syn-ack-ack-proxy; {
threshold number ,
}

Hierarchy Level

[edit security screen ids-option screen-name tcp]

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Prevent the SYN-ACK-ACK attack, which occurs when the attacker establishes multiple Telnet sessions without allowing each session to terminate. This behavior consumes all open slots, generating a denial-of-service (DoS) condition.

This statement is supported on J-series and SRX-series devices.

Options

threshold number — Number of connections from any single IP address.

Range: 1 through 250000
Default: 512

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]