Statement introduced in Junos OS Release 8.5.
Enable detection of a SYN fragment attack and drops any packet fragments used for the attack. A SYN fragment attack floods the target host with SYN packet fragments. The host caches these fragments, waiting for the remaining fragments to arrive so it can reassemble them. The flood of connections that cannot be completed eventually fills the host’s memory buffer. No further connections are possible, and damage to the host’s operating system can occur.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.