With SYN checking enabled, the Juniper Networks device rejects TCP segments with non-SYN flags set unless they belong to an established session. Enabling SYN checking can help prevent attacker reconnaissance and session table floods.
Before You Begin |
---|
For background information, read Understanding Attacker Evasion Techniques. |
You can use either J-Web or the CLI configuration editor to disable SYN checking. TCP SYN checking is on by default.
This topic covers:
To disable SYN checking: