Setting TCP SYN Checking

With SYN checking enabled, the Juniper Networks device rejects TCP segments with non-SYN flags set unless they belong to an established session. Enabling SYN checking can help prevent attacker reconnaissance and session table floods.

Before You Begin

For background information, read Understanding Attacker Evasion Techniques.

You can use either J-Web or the CLI configuration editor to disable SYN checking. TCP SYN checking is on by default.

J-Web Configuration

To disable SYN checking:

  1. Select Configure>CLI Tools>Point and Click CLI.
  2. Next to Security, click Configure or Edit.
  3. Next to flow, click Configure.
  4. Next to Tcp session, click Configure.
  5. Next to No syn check, select the check box and click OK.
  6. To save and commit the configuration, click Commit.

CLI Configuration

user@host# set security flow tcp-session no-syn-check
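A simplified model of the check described in this topic, added here as an example (Python, not Juniper code): it replays the same segments with SYN checking on and with `no-syn-check` set, and reports the verdicts and the resulting session-table size. The `FlowTable` class, the rule that only a bare SYN may open a session, and the sample addresses are assumptions of the model.

```python
# Simplified model of a stateful firewall's first-packet SYN check.
# Constructed for illustration; it is not Junos code and ignores timeouts,
# sequence numbers and policy lookup.
from typing import NamedTuple

SYN = "S"  # flag letters used in the sample: S=SYN, A=ACK, F=FIN

class Segment(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset

def seg(src, sport, dst, dport, flags):
    return Segment(src, sport, dst, dport, frozenset(flags))

class FlowTable:
    def __init__(self, syn_check=True):
        self.syn_check = syn_check  # True models the default, False models no-syn-check
        self.sessions = set()

    @staticmethod
    def _key(s):
        # Same key for both directions of one connection.
        return frozenset({(s.src, s.sport), (s.dst, s.dport)})

    def process(self, s):
        key = self._key(s)
        if key in self.sessions:
            return "forward"        # segment belongs to an existing session
        # Assumption of this model: only a bare SYN may open a session.
        if self.syn_check and s.flags != {SYN}:
            return "drop"
        self.sessions.add(key)      # first packet accepted, session created
        return "forward"

def replay(segments, syn_check):
    """Return (verdict per segment, number of sessions created)."""
    table = FlowTable(syn_check)
    verdicts = [table.process(s) for s in segments]
    return verdicts, len(table.sessions)

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    seg("192.0.2.10", 40000, "198.51.100.5", 443, "S"),   # handshake start
    seg("198.51.100.5", 443, "192.0.2.10", 40000, "SA"),  # reply, same session
    seg("192.0.2.10", 40000, "198.51.100.5", 443, "A"),   # handshake end
    seg("203.0.113.7", 50001, "198.51.100.5", 22, "A"),   # stray ACK, no session
    seg("203.0.113.7", 50002, "198.51.100.5", 23, "F"),   # stray FIN, no session
]
```

With the check on, the two stray segments are dropped and one session exists; with it off, every segment is forwarded and each stray segment occupies its own session-table entry.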
