With SYN checking enabled, the Juniper Networks device rejects TCP segments with non-SYN flags set unless they belong to an established session. Enabling SYN checking can help prevent attacker reconnaissance and session table floods.
| Before You Begin |
|---|
| For background information, read Understanding Attacker Evasion Techniques. |
TCP SYN checking is on by default. You can disable it with the following CLI command:
- user@host# set security flow tcp-session no-syn-check
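
The effect of SYN checking on the session table can be seen in a small model. This is an added example, not Juniper code: `FlowTable`, `Segment`, and `simulate` are hypothetical names, the traffic is constructed, and the model assumes that only a bare SYN may open a session.

```python
from typing import NamedTuple

class Segment(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the segment, e.g. {"SYN"} or {"ACK"}

class FlowTable:
    """Simplified stateful session table; a model, not Junos internals."""

    def __init__(self, syn_check: bool = True):
        self.syn_check = syn_check
        self.sessions = set()

    def process(self, seg: Segment) -> str:
        # One key per connection, identical for both directions of the flow.
        key = frozenset({(seg.src, seg.sport), (seg.dst, seg.dport)})
        if key in self.sessions:
            return "forward"            # belongs to an existing session
        # Assumption: only a bare SYN counts as a valid session opener.
        if self.syn_check and seg.flags != {"SYN"}:
            return "drop"               # non-SYN segment with no session
        self.sessions.add(key)          # a session entry is created here
        return "forward"

def simulate(syn_check: bool):
    """Run constructed traffic; return (verdicts, session table size)."""
    client, server = "192.0.2.10", "198.51.100.5"
    traffic = [
        # Legitimate three-way handshake (constructed sample).
        Segment(client, 40000, server, 443, frozenset({"SYN"})),
        Segment(server, 443, client, 40000, frozenset({"SYN", "ACK"})),
        Segment(client, 40000, server, 443, frozenset({"ACK"})),
    ]
    # Unsolicited non-SYN segments that match no session (constructed sample).
    for port in range(50000, 50005):
        traffic.append(Segment("192.0.2.99", port, server, 443, frozenset({"ACK"})))
    table = FlowTable(syn_check)
    verdicts = [table.process(seg) for seg in traffic]
    return verdicts, len(table.sessions)

if __name__ == "__main__":
    for mode in (True, False):
        verdicts, size = simulate(mode)
        print(f"syn_check={mode}: drops={verdicts.count('drop')} sessions={size}")
```

With the check on, the table holds only the handshake's session; with it off, every unsolicited segment both gets a forwarding decision and consumes a session entry.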