A denial-of-service (DoS) attack is any attempt to deny valid users access to network or server resources by using up all the resources of the network element or server. Denial of service protection provides reactive prevention from attack and determines whether the source of traffic is valid or invalid. DoS protection includes diagnostic tools and configuration options. DoS protection groups provide a simple policy that can be applied to interfaces, which can specify a set of parameters to tune behavior.
Figure 29 shows an example of the state of a flow with DoS protection using suspicious control flow detection (SCFD).
Figure 29: Typical Control Packet Processing
 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |