[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Dropping IP Packets Containing SYN Fragments

A fragmented SYN packet is anomalous, and as such it is suspect. To be cautious, block such unknown elements from entering your protected network.

Before You Begin
For background information, read Understanding SYN Fragment Protection.

To drop IP packets containing SYN fragments, use the JUNOS CLI configuration editor. The specified security zone is the one from which the packets originated.



user@host# set security screen syn-frag tcp syn-frag

user@host# set security zones security-zone zone screen
syn-frag

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]