[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

show security screen ids-option

Syntax

show security screen ids-option
screen-name
<node ( node-id | all | local | primary)>

Release Information

Command introduced in Release 8.5 of JUNOS software; node options added in Release 9.0 of JUNOS software.

Description

Display configuration information about the specified security screen.

This command is supported on J-series and SRX-series devices.

Options

screen-name —Name of the screen.

node—(Optional) For chassis cluster configurations, display the configuration status of the security screen on a specific node.

Required Privilege Level

view

Related Topics

ids-option

List of Sample Output

show security screen ids-option jscreen
show security screen ids-option jscreen1 node all

Output Fields

Table 92 lists the output fields for the show security screen ids-option command. Output fields are listed in the approximate order in which they appear.

Table 92: show security screen ids-option Output Fields

Field Name

Field Description

TCP port scan threshold

Number of microseconds during which the device accepts packets from the same remote source with up to 10 different port numbers.

ICMP address sweep threshold

Maximum number of microseconds during which up to 10 ICMP echo requests from the same host are allowed into the device.

UDP flood threshold

Number of UDP packets per second allowed to ping the same destination address before the device rejects further UDP packets.

TCP winnuke

Enable or disable the detection of Transport Control Protocol (TCP) WinNuke attacks.

TCP SYN flood attack threshold

Number of SYN packets per second required to trigger the SYN proxy response.

TCP SYN flood alarm threshold

Number of half-complete proxy connections per second at which the device makes entries in the event alarm log.

TCP SYN flood source threshold

Number of SYN segments to be received per second before the device starts dropping connection requests.

TCP SYN flood destination threshold

Number of SYN segments received per second before the device begins dropping connection requests.

TCP SYN flood timeout

Maximum length of time before a half-completed connection is dropped from the queue.

TCP SYN flood queue size

Number of proxy connection requests that can be held in the proxy connection queue before the device starts rejecting new connection requests.

ICMP large packet

Enable or disable the detection of any ICMP frame with an IP length greater than 1024 bytes.

Sample Output

show security screen ids-option jscreen

user@host> show security screen ids-option jscreen 
Screen object status:
Name                                         Value
  TCP port scan threshold                    5000
  ICMP address sweep threshold               5000

Sample Output

show security screen ids-option jscreen1 node all

user@host> show security screen ids-option jscreen1 node all 
node0:
--------------------------------------------------------------------------
Screen object status:
Name                                         Value
  UDP flood threshold                        1000       
  TCP winnuke                                enabled    
  TCP SYN flood attack threshold             200        
  TCP SYN flood alarm threshold              512        
  TCP SYN flood source threshold             4000       
  TCP SYN flood destination threshold        4000       
  TCP SYN flood timeout                      20         
  TCP SYN flood queue size                   1024       
  ICMP large packet                          enabled    
node1:
--------------------------------------------------------------------------
Screen object status:
Name                                         Value
  UDP flood threshold                        1000       
  TCP winnuke                                enabled    
  TCP SYN flood attack threshold             200        
  TCP SYN flood alarm threshold              512        
  TCP SYN flood source threshold             4000       
  TCP SYN flood destination threshold        4000       
  TCP SYN flood timeout                      20         
  TCP SYN flood queue size                   1024       
  ICMP large packet                          enabled
[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]