- user@host# set security screen ids-option
external-syn-flood tcp syn-flood timeout 20
- user@host# set security zones security-zone
external screen external-syn-flood
- user@host# set security flow syn-flood-protection-mode
syn-cookie
 |
Note: The SYN Cookie feature can only detect and protect against spoofed SYN-Flood attacks, thus minimizing the negative impact to hosts that are secured by JUNOS software. If an attacker is using a legitimate IP source address, rather than a spoofed IP source, then the SYN-Cookie mechanism does not stop the attack. |
 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |