| Section | Field | Function | Your Action |
|---|---|---|---|
| Screen | Name | Name of the screen object. | Specify a unique name for the screen object you are defining. |
| | Generate Alarms without Dropping Packets | Generates alarms without dropping packets. | Select this check box to generate alarms without dropping any packets. |
| Scan/Spoof/Sweep Defense | IP Address Spoof | Enables IP address spoof protection. IP spoofing occurs when a bogus source address is inserted in the packet header to make the packet appear to come from a trusted source. | Select this check box to enable IP address spoof protection. |
| | IP Address Sweep | Number of ICMP address sweeps. An IP address sweep can occur with the intent of triggering responses from active hosts. | Select this check box to enable IP address sweep protection. Configure a time interval (in microseconds). If a remote host sends ICMP traffic to 10 addresses within this interval, an address sweep attack is flagged and further ICMP packets from the remote host are rejected. Valid values are between 1000 and 1000000 microseconds. The default value is 5000 microseconds. |
| | Port Scan | Number of TCP port scans. The purpose of this attack is to scan the available services in the hope that at least one port responds, thus identifying a service to target. | Select this check box to enable port scan protection. Configure a time interval (in microseconds). If a remote host scans 10 ports within this interval, a port scan attack is flagged and further packets from the remote host are rejected. Valid values are between 1000 and 1000000 microseconds. The default value is 5000 microseconds. |
| MS-Windows Defense | WinNuke Attack Protection | Number of Transmission Control Protocol (TCP) WinNuke attacks. WinNuke is a DoS attack targeting any computer on the Internet running Windows. | Select this check box to enable the WinNuke attack protection option. |
| Denial of Service Defense | Land Attack Protection | Number of land attacks. Land attacks occur when an attacker sends spoofed SYN packets containing the IP address of the victim as both the destination and source IP address. | Select this check box to enable the land attack protection option. |
| | Teardrop Attack Protection | Number of teardrop attacks. Teardrop attacks exploit the reassembly of fragmented IP packets. | Select this check box to enable the teardrop protection option. |
| | ICMP Fragment Protection | Number of ICMP fragments. Because ICMP packets contain very short messages, there is no legitimate reason for ICMP packets to be fragmented. If an ICMP packet is so large that it must be fragmented, something is amiss. | Select this check box to enable the ICMP fragment protection option. |
| | Ping of Death Attack Protection | ICMP ping of death counter. A ping of death occurs when IP packets are sent that exceed the maximum legal length (65,535 bytes). | Select this check box to enable the ping of death attack protection option. |
| | Large Size ICMP Packet Protection | Number of large ICMP packets. | Select this check box to enable the large (size > 1024 bytes) ICMP packet protection option. |
| | Block Fragment Traffic | Number of blocked IP fragments. | Select this check box to enable IP fragment blocking. |
| | Source IP Based Session Limit | Limits sessions from the same source IP. | Select this check box to enable the source IP based session limit. Configure the threshold between 1 and 50000 sessions. The default value is 128 sessions. Note: For SRX Series devices, the applicable range is 1 through 8000000 sessions per second. |
| | Destination IP Based Session Limit | Limits sessions to the same destination IP. | Select this check box to enable the destination IP based session limit. Configure the threshold between 1 and 50000 sessions. The default value is 128 sessions. Note: For SRX Series devices, the applicable range is 1 through 8000000 sessions per second. |
| | SYN-ACK-ACK Proxy Protection | Number of SYN-ACK-ACK proxy sessions. This option is designed to prevent flooding with SYN-ACK-ACK sessions. After the number of connections from the same IP address reaches the SYN-ACK-ACK proxy threshold, JUNOS 8.5 software rejects further connection requests from that IP address. | Select this check box to enable the SYN-ACK-ACK proxy protection screen option. Configure the threshold value between 1 and 250000 unauthenticated connections. The default value is 512. |
| IP Option Anomalies | Bad IP Option | Number of packets with bad IP options. | Select this check box to enable the IP with bad option IDs screen option. |
| | Record Route Option | Records the IP addresses of the network devices along the path that the IP packet travels. | Select this check box to enable the IP with record route option. |
| | Timestamp Option | Records the time (in Universal Time) when each network device receives the packet during its trip from the point of origin to its destination. | Select this check box to enable the IP with timestamp option. |
| | Security Option | Provides a way for hosts to carry security classification and handling-restriction parameters in the IP header. | Select this check box to enable the IP with security option. |
| | Stream Option | Provides a way for the 16-bit SATNET stream identifier to be carried through networks that do not support the stream concept. | Select this check box to enable the IP with stream option. |
| | Loose Source Route Option | Specifies a partial route list for a packet to take on its journey from source to destination. | Select this check box to enable the IP with loose source route option. |
| | Strict Source Route Option | Specifies the complete route list for a packet to take on its journey from source to destination. | Select this check box to enable the IP with strict source route option. |
| | Source Route Option | Number of packets carrying the IP source route option, which lists the IP addresses of the devices, set at the source, that an IP transmission is allowed to pass through on its way to its destination. | Select this check box to enable the IP with source route option. |
| TCP/IP Anomalies | SYN Fragment Protection | Number of TCP SYN fragments. | Select this check box to enable the SYN fragment option. |
| | SYN and FIN Flags Set Protection | Number of TCP segments with both the SYN and FIN flags set. When you enable this option, JUNOS Software checks whether the SYN and FIN flags are both set in a TCP header. If it discovers such a header, it drops the packet. | Select this check box to enable the SYN and FIN flags set option. |
| | FIN Flag without ACK Flag Set Protection | Number of TCP segments with the FIN flag set but not the acknowledge (ACK) flag. When you enable this option, JUNOS Software checks whether the FIN flag is set without the ACK flag in a TCP header. If it discovers a packet with such a header, it drops the packet. | Select this check box to enable the FIN flag without ACK flag set option. |
| | TCP Packet without Flag Set Protection | Number of TCP headers without any flags set. A normal TCP segment header has at least one control flag set. | Select this check box to enable the TCP packet without flag set option. |
| | Unknown Protocol Protection | Number of packets with an unknown IP protocol number. | Select this check box to enable the unknown protocol protection option. |
| Flood Defense | ICMP Flood Protection | Internet Control Message Protocol (ICMP) flood counter. An ICMP flood typically occurs when ICMP echo requests use all resources in responding, such that valid network traffic can no longer be processed. | Select this check box to enable the ICMP flood protection option. Configure the threshold value for ICMP flood between 1 and 100000 ICMP packets per second (pps). The default value is 1000 pps. Note: For SRX Series devices, the applicable range is 1 through 4000000 ICMP packets per second. |
| | UDP Flood Protection | User Datagram Protocol (UDP) flood counter. UDP flooding occurs when an attacker sends IP packets containing UDP datagrams with the purpose of exhausting resources, such that valid connections can no longer be handled. | Select this check box to enable the UDP flood protection option. Configure the threshold value for UDP flood between 1 and 100000 UDP packets with the same destination address per second (pps). The default value is 1000 pps. Note: For SRX Series devices, the applicable range is 1 through 4000000 UDP packets per second. |
| | SYN Flood Protection: Attack Threshold | Number of SYN packets per second required to trigger the SYN proxy mechanism. | Configure a value between 1 and 100000 proxied requests per second. The default value is 200. Note: For SRX Series devices, the applicable range is 1 through 1000000 proxied requests per second. |
| | SYN Flood Protection: Alarm Threshold | Number of half-complete proxy connections per second at which the device makes entries in the event alarm log. | Configure a value between 1 and 100000 segments received per second for the SYN flood alarm. The default value is 512. Note: For SRX Series devices, the applicable range is 1 through 1000000 segments per second. |
| | SYN Flood Protection: Source Threshold | Number of SYN segments received per second from a single source IP address (regardless of the destination IP address and port number) before the device begins dropping connection requests from that source. | Configure a value for SYN flood from the same source between 4 and 100000 segments received per second. The default value is 4000. Note: For SRX Series devices, the applicable range is 4 through 1000000 segments per second. |
| | SYN Flood Protection: Destination Threshold | Number of SYN segments received per second for a single destination IP address before the device begins dropping connection requests to that destination. If a protected host runs multiple services, you might want to set a threshold based only on the destination IP address, regardless of the destination port number. | Configure a value for SYN flood to the same destination between 4 and 100000 segments received per second. The default value is 4000. Note: For SRX Series devices, the applicable range is 4 through 1000000 segments per second. |
| | SYN Flood Protection: Timeout | Maximum length of time before a half-completed connection is dropped from the queue. You can decrease the timeout value until you see connections being dropped during normal traffic conditions. | Configure a value for SYN attack protection between 1 and 50 seconds. The default value is 20 seconds. |