by-source (IDS Screen Next Gen Services)
Syntax
by-source {
by-protocol {
icmp {
maximum-sessions number;
packet-rate number;
session-rate number;
}
tcp {
maximum-sessions number;
packet-rate number;
session-rate number;
}
udp {
maximum-sessions number;
packet-rate number;
session-rate number;
}
}
maximum-sessions number;
packet-rate number;
session-rate number;
;
}
Hierarchy Level
[edit services screen ids-option screen-name limit-session]
Description
Configure session limits for individual source addresses or for individual source subnets. This protects against network probing attacks and network flooding attacks. You can specify limits for specific protocols (ICMP, TCP, and UDP), or specify limits independent of a protocol. When a session limit is exceeded for a source, packets from the source are dropped until the session limit is no longer exceeded.
To specify limits for source subnets rather than individual
addresses, include the aggregations statement at the [edit services screen ids-option screen-name] hierarchy level.
Options
| maximum-sessions number | Specify the maximum number of concurrent sessions allowed for an individual source address or subnet. |
| packet-rate number | Specify the maximum number of packets per second allowed for an individual source address or subnet. |
| session-rate number | Specify the maximum number of connections per second allowed for an individual source address or subnet. |
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 19.3R2.