- syn-flood-protection-mode (syn-cookie | syn-proxy);
- [edit security flow]
Statement introduced in Release 8.5 of JUNOS software.
Enable SYN-cookie defenses or SYN-proxy defenses against SYN attacks.
The SYN flood protection mode is enabled globally on the device and is activated when the configured syn-flood attack-threshold value is exceeded.
This statement is supported on J-series and SRX-series devices.
syn-cookie—Uses a cryptographic hash to generate a unique Initial Sequence Number (ISN). This is enabled by default.
syn-proxy—Uses a proxy to handle the SYN attack.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.