syn-ack-ack-proxy (IDS Screen Next Gen Services)
Syntax
syn-ack-ack-proxy {
threshold number;
}
Hierarchy Level
[edit services screen ids-option screen-name tcp]
Release Information
Statement introduced in Junos OS Release 19.3R2 on MX Series routers (MX240, MX480 and MX960) running Next Gen Services with the MX-SPC3 services card.
Description
Configure the maximum number of connections from an IP address that can be opened without being completed. Once this threshold has been reached, further connection requests are rejected. In the SYN-ACK-ACK attack, the session table can fill up, resulting in the device rejecting legitimate connection requests.
Options
threshold number—Maximum number of uncompleted connections from any
single IP address.
Range: 1 through 250,000
Default: 512
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.