by-destination (IDS MS-MPC)
Syntax
by-destination {
by-protocol {
icmp {
maximum number;
packets number;
rate number;
}
tcp {
maximum number;
packets number;
rate number;
}
udp {
maximum number;
packets number;
rate number;
}
}
maximum number;
packets number;
rate number;
}
Hierarchy Level
[edit services ids rule rule-name term term-name then session-limit]
Description
Configure the IDS rule session limits for an individual destination address or subnet. This protects against network probing attacks and network flooding attacks. This IDS rule can only be assigned to a service set on an MS-MPC.
When a session limit is exceeded for a destination, packets to the destination are dropped until the session limit is no longer exceeded.
To specify limits for destination subnets rather than individual
addresses, include the aggregation statement at the [edit services ids rule rule-name term term-name then] hierarchy level.
Options
| maximum number | Specify the maximum number of concurrent sessions allowed for an individual destination address or subnet. |
| packets number | Specify the maximum number of packets per second allowed for an individual destination address or subnet. |
| rate number | Specify the maximum number of connections per second allowed for an individual destination address or subnet. |
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 17.1.