by-protocol (IDS MS-MPC)
Syntax
by-protocol {
    icmp {
        maximum number;
        packets number;
        rate number;
    }
    tcp {
        maximum number;
        packets number;
        rate number;
    }
    udp {
        maximum number;
        packets number;
        rate number;
    }
}
Hierarchy Level
[edit services ids rule rule-name term term-name then session-limit by-destination],
[edit services ids rule rule-name term term-name then session-limit by-source]
Release Information
Statement introduced in Junos OS Release 17.1.
Description
Configure the IDS rule session limits for an individual
destination or source address or subnet for the specified protocol.
This protects against network probing attacks and network flooding
attacks. This IDS rule can only be assigned to a service set on an
MS-MPC.
When a session limit is exceeded for a source or destination
for the protocol, packets from the source or to the destination are
dropped until the session limit is no longer exceeded.
To specify limits for destination or source subnets rather than
individual addresses, include the aggregation statement
at the [edit services ids rule rule-name term term-name then] hierarchy level.
Options
icmp—Apply session limits to ICMP packets.
    maximum number—Specify the maximum number of concurrent ICMP sessions
    allowed for an individual destination or source address or subnet.
    packets number—Specify the maximum number of ICMP packets per second
    allowed for an individual destination or source address or subnet.
    rate number—Specify the maximum number of ICMP connections per
    second allowed for an individual destination or source address or
    subnet.
tcp—Session limits apply to TCP packets.
    maximum number—Specify the maximum number of concurrent TCP sessions
    allowed for an individual destination or source address or subnet.
    packets number—Specify the maximum number of TCP packets per second
    allowed for an individual destination or source address or subnet.
    rate number—Specify the maximum number of TCP connections per
    second allowed for an individual destination or source address or
    subnet.
udp—Session limits apply to UDP packets.
    maximum number—Specify the maximum number of concurrent UDP sessions
    allowed for an individual destination or source address or subnet.
    packets number—Specify the maximum number of UDP packets per second
    allowed for an individual destination or source address or subnet.
    rate number—Specify the maximum number of UDP connections per
    second allowed for an individual destination or source address or
    subnet.
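Example (added here, not part of the Juniper reference page): a rule fragment that places by-protocol limits under both hierarchy levels listed above, capping TCP and ICMP per source and UDP per destination. The rule name, term name and every numeric value are constructed placeholders rather than recommended settings, and rule statements not described on this page are omitted.

```junos
services {
    ids {
        /* "flood-limits" and "t1" are constructed names */
        rule flood-limits {
            /* rule and term statements not covered on this page are omitted */
            term t1 {
                then {
                    session-limit {
                        /* limits counted per source address */
                        by-source {
                            by-protocol {
                                tcp {
                                    maximum 2000;   /* concurrent TCP sessions */
                                    rate 200;       /* new TCP connections per second */
                                    packets 10000;  /* TCP packets per second */
                                }
                                icmp {
                                    maximum 20;     /* concurrent ICMP sessions */
                                    rate 10;        /* new ICMP connections per second */
                                    packets 50;     /* ICMP packets per second */
                                }
                            }
                        }
                        /* limits counted per destination address */
                        by-destination {
                            by-protocol {
                                udp {
                                    maximum 5000;   /* concurrent UDP sessions */
                                    rate 500;       /* new UDP connections per second */
                                    packets 20000;  /* UDP packets per second */
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
```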
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.