By continuously initiating SYN-ACK-ACK sessions, malicious users can fill up the firewall session table to the point where the device begins rejecting legitimate connection requests.

| Before You Begin |
|---|
| For background information, read Understanding SYN-ACK-ACK Proxy Flood Attacks. |

To enable protection against a SYN-ACK-ACK proxy flood, use the JUNOS CLI configuration editor. The zone you specify is the one where the attack originates.

Note: The value unit is connections per source address. The default value is 512 connections from any single address.

- user@host# set security screen 1000-syn-ack-ack-proxy tcp syn-ack-ack-proxy threshold 1000
- user@host# set security zones security-zone zone screen 1000-syn-ack-ack-proxy
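
To show why a per-source threshold keeps the session table usable, the following added example (a simplified model, not Juniper code) compares a zone with no screen, the default of 512, and the threshold of 1000 configured above. The table capacity of 2000, the addresses, and the names `SessionTable` and `simulate` are assumptions made for illustration, as is the rule that a source at its threshold is simply rejected.

```python
from collections import Counter

DEFAULT_THRESHOLD = 512  # default from the note above: connections per source


class SessionTable:
    """Toy fixed-size session table with an optional per-source screen."""

    def __init__(self, capacity, threshold=None):
        self.capacity = capacity     # assumed table size, not a Junos figure
        self.threshold = threshold   # None models a zone with no screen applied
        self.per_source = Counter()  # open proxy sessions per source address
        self.total = 0

    def open_session(self, src):
        """Return True if the connection request gets a session table entry."""
        if self.threshold is not None and self.per_source[src] >= self.threshold:
            return False             # source reached its threshold: rejected
        if self.total >= self.capacity:
            return False             # table exhausted: every source is rejected
        self.per_source[src] += 1
        self.total += 1
        return True


def simulate(capacity, threshold, flood_attempts, legit_sources):
    """One source opens sessions it never completes, then each legitimate
    source sends one request. Returns (flood entries held, legit accepted)."""
    table = SessionTable(capacity, threshold)
    flood_src = "198.51.100.7"       # constructed address (documentation range)
    for _ in range(flood_attempts):
        table.open_session(flood_src)
    accepted = sum(table.open_session(src) for src in legit_sources)
    return table.per_source[flood_src], accepted


if __name__ == "__main__":
    users = [f"192.0.2.{i}" for i in range(1, 101)]  # constructed clients
    for label, thr in (("no screen", None), ("default", DEFAULT_THRESHOLD),
                       ("threshold 1000", 1000)):
        print(label, simulate(2000, thr, 5000, users))
```

Without the screen the single source holds every entry and no legitimate request is accepted; with either threshold the source is capped and all 100 legitimate requests get through.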