Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

syn-flood

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 8.5.

Description

Configure detection and prevention of SYN flood attacks. Such attacks occur when the connecting host continuously sends TCP SYN requests without replying to the corresponding ACK responses.

Note

On all SRX Series devices, the TCP synchronization flood alarm threshold value does not indicate the number of packets dropped, however the value does show the packet information after the alarm threshold has been reached.

The synchronization cookie or proxy never drops packets; therefore the alarm-without-drop (not drop) action is shown in the system log.

Options

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.