syn-flood
Syntax
syn-flood {
    alarm-threshold number;
    attack-threshold number;
    destination-threshold number;
    source-threshold number;
    timeout seconds;
    white-list name {
        destination-address destination-address;
        source-address source-address;
    }
}
Hierarchy Level
[edit security screen ids-option screen-name tcp]
Description
Configure detection and prevention of SYN flood attacks. Such attacks occur when the connecting host continuously sends TCP SYN requests without replying to the corresponding SYN-ACK responses.
On all SRX Series Firewalls, the TCP synchronization flood alarm threshold value does not indicate the number of packets dropped; however, the value does show the packet information after the alarm threshold has been reached.
The synchronization cookie or proxy never drops packets; therefore the alarm-without-drop (not drop) action is shown in the system log.
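The following is an added example, not part of the original Juniper page: set-style commands that configure this statement in a screen and attach the screen to a zone. The screen name untrust-screen, the zone untrust, the white-list name wl-monitor, the address and every numeric value are constructed for illustration and are not tuning recommendations.

```junos
# Constructed example. Names, address and numbers are placeholders.

# SYN rate to one destination address and port at which the SYN proxy or cookie engages
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 500

# Rate of half-complete proxied connections at which an alarm is logged
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1000

# Per-source and per-destination SYN rates
set security screen ids-option untrust-screen tcp syn-flood source-threshold 200
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048

# Seconds a half-completed connection is kept before it is discarded
set security screen ids-option untrust-screen tcp syn-flood timeout 20

# Exempt a trusted source (for example a health-check probe) from SYN flood screening
set security screen ids-option untrust-screen tcp syn-flood white-list wl-monitor source-address 192.0.2.10/32

# The screen has no effect until it is bound to a security zone
set security zones security-zone untrust screen untrust-screen

# After commit, review the result from operational mode:
#   show security screen ids-option untrust-screen
#   show security screen statistics zone untrust
```

When reading the resulting system log entries, an alarm-without-drop action for the cookie or proxy path is expected, as described above, and does not mean the screen failed to act.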
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.