by-source (IDS MS-MPC)
Syntax
by-source {
    by-protocol {
        icmp {
            maximum number;
            packets number;
            rate number;
        }
        tcp {
            maximum number;
            packets number;
            rate number;
        }
        udp {
            maximum number;
            packets number;
            rate number;
        }
    }
    maximum number;
    packets number;
    rate number;
}
Hierarchy Level
[edit services ids rule rule-name term term-name then session-limit]
Description
Configure the IDS rule session limits for an individual source address or subnet. This protects against network probing attacks and network flooding attacks. When a session limit is exceeded for a source, packets from the source are dropped until the session limit is no longer exceeded. This IDS rule can only be assigned to a service set on an MS-MPC.
To specify limits for source subnets rather than individual addresses, include the aggregation statement at the [edit services ids rule rule-name term term-name then] hierarchy level.
Options
| maximum number | Specify the maximum number of concurrent sessions allowed for an individual source address or subnet. |
| packets number | Specify the maximum number of packets per second allowed for an individual source address or subnet. |
| rate number | Specify the maximum number of connections per second allowed for an individual source address or subnet. |
The remaining statements are explained separately. See CLI Explorer.
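The following configuration is an added example, not taken from the original page. It places by-source at the hierarchy level shown above and sets overall per-source limits alongside numerically lower per-protocol limits for ICMP. The rule name limit-per-source, the term name t1 and every number are constructed placeholders rather than recommended values, and the rest of the rule and its assignment to a service set on an MS-MPC are assumed to be configured separately.

```junos
services {
    ids {
        /* rule and term names are hypothetical */
        rule limit-per-source {
            term t1 {
                then {
                    session-limit {
                        by-source {
                            /* limits for ICMP traffic from one source (constructed values) */
                            by-protocol {
                                icmp {
                                    /* concurrent sessions */
                                    maximum 10;
                                    /* packets per second */
                                    packets 20;
                                    /* connections per second */
                                    rate 5;
                                }
                            }
                            /* overall limits for one source (constructed values) */
                            maximum 200;
                            packets 1000;
                            rate 50;
                        }
                    }
                }
            }
        }
    }
}
```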
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 17.1.