- syn-frag;
- [edit security screen ids-option screen-name tcp]
Statement introduced in Release 8.5 of JUNOS software.
Enables detection of a SYN fragment attack and drops any packet fragments used for the attack. A SYN fragment attack floods the target host with SYN packet fragments. The host caches these fragments, waiting for the remaining fragments to arrive so it can reassemble them. The flood of connections that cannot be completed eventually fills the host’s memory buffer. No further connections are possible, and damage to the host’s operating system can occur.
This statement is supported on J-series and SRX-series devices.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.