by-protocol (IDS MS-MPC)
Syntax
by-protocol {
    icmp {
        maximum number;
        packets number;
        rate number;
    }
    tcp {
        maximum number;
        packets number;
        rate number;
    }
    udp {
        maximum number;
        packets number;
        rate number;
    }
}
Hierarchy Level
[edit services ids rule rule-name term term-name then session-limit by-destination]
[edit services ids rule rule-name term term-name then session-limit by-source]
Description
Configure the IDS rule session limits for an individual destination or source address or subnet for the specified protocol. This protects against network probing attacks and network flooding attacks. This IDS rule can only be assigned to a service set on an MS-MPC.
When a session limit is exceeded for a source or destination for the protocol, packets from the source or to the destination are dropped until the session limit is no longer exceeded.
To specify limits for destination or source subnets rather than individual addresses, include the aggregation statement at the [edit services ids rule rule-name term term-name then] hierarchy level.
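The following configuration is an added example, not part of the original reference page: it sets per-source limits for each protocol using the syntax and hierarchy shown above. The rule name, term name, match-direction setting, and all numeric values are constructed for illustration, and the comments assume that maximum counts concurrent sessions, packets is a packets-per-second ceiling, and rate is a new-sessions-per-second ceiling, which this page does not state.

```junos
services {
    ids {
        # Constructed rule and term names.
        rule limit-per-source {
            match-direction input;
            term per-protocol {
                then {
                    session-limit {
                        # Limits are tracked separately for each source address.
                        by-source {
                            by-protocol {
                                # TCP: bounds what a single source can open,
                                # which blunts port sweeps and SYN floods.
                                tcp {
                                    maximum 200;
                                    packets 5000;
                                    rate 50;
                                }
                                # UDP: tighter limits than TCP, since one
                                # source rarely needs many concurrent flows.
                                udp {
                                    maximum 100;
                                    packets 2000;
                                    rate 25;
                                }
                                # ICMP: lowest limits, enough for ordinary
                                # ping and traceroute but not a ping sweep.
                                icmp {
                                    maximum 10;
                                    packets 100;
                                    rate 5;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
```

The same by-protocol block can be placed under by-destination to cap what any single destination receives. Derive real values from baseline traffic measurements, because packets over the limit are dropped for legitimate and hostile sources alike.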
Options
icmp | Apply session limits to ICMP packets.
tcp | Apply session limits to TCP packets.
udp | Apply session limits to UDP packets.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 17.1.