Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

by-protocol (IDS MS-MPC)

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 17.1.

Description

Configure the IDS rule session limits for an individual destination or source address or subnet for the specified protocol. This protects against network probing attacks and network flooding attacks. This IDS rule can only be assigned to a service set on an MS-MPC.

When a session limit is exceeded for a source or destination for the protocol, packets from the source or to the destination are dropped until the session limit is no longer exceeded.

To specify limits for destination or source subnets rather than individual addresses, include the aggregation statement at the [edit services ids rule rule-name term term-name then] hierarchy level.

Options

icmpApply session limits to ICMP packets.
maximum numberSpecify the maximum number of concurrent ICMP sessions allowed for an individual destination or source address or subnet.
packets numberSpecify the maximum number of ICMP packets per second allowed for an individual destination or source address or subnet.
rate numberSpecify the maximum number of ICMP connections per second allowed for an individual destination or source address or subnet.
tcpSession limits apply to TCP packets.
maximum numberSpecify the maximum number of concurrent TCP sessions allowed for an individual destination or source address or subnet.
packets numberSpecify the maximum number of TCP packets per second allowed for an individual destination or source address or subnet.
rate numberSpecify the maximum number of TCP connections per second allowed for an individual destination or source address or subnet.
udpSession limits apply to UDP packets.
maximum numberSpecify the maximum number of concurrent UDP sessions allowed for an individual destination or source address or subnet.
packets numberSpecify the maximum number of UDP packets per second allowed for an individual destination or source address or subnet.
rate numberSpecify the maximum number of UDP connections per second allowed for an individual destination or source address or subnet.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.