Statement introduced in Junos OS Release 10.2.
Configure the device to detect and prevent TCP sweep attack. In a TCP sweep attack, an attacker sends TCP SYN packets to the target device as part of the TCP handshake. If the device responds to those packets, the attacker gets an indication that a port in the target device is open, which makes the port vulnerable to attack. If a remote host sends TCP packets to 10 addresses in 0.005 seconds (5000 microseconds), then the device flags this as a TCP sweep attack.
If the alarm-without-drop option is not set, the device rejects the eleventh and all further TCP packets from that host for the remainder of the specified threshold period.
threshold number—Maximum number of microseconds during which up to 10 TCP SYN packets from the same host are allowed into the device. More than 10 requests from a host during this period triggers TCP Sweep attack response on the router during the remainder of the second.
Range: 1000 through 1,000,000 microseconds
Default: 5000 microseconds
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.