ids-option

Syntax

ids-option screen-name { alarm-without-drop;icmp {flood {threshold number ;}fragment;ip-sweep {threshold number ;}large;ping-death;}ip {bad-option;block-frag;loose-source-route-option;record-route-option;security-option;source-route-option;spoofing;stream-option;strict-source-route-option;tear-drop;timestamp-option;unknown-protocol;}limit-session {destination-ip-based number ;source-ip-based number ;}tcp {fin-no-ack;land;port-scan {threshold number ;}syn-ack-ack-proxy {threshold number ;}syn-fin;syn-flood {alarm-threshold number ;attack-threshold number ;destination-threshold number ;source-threshold number ;timeout seconds ;}syn-frag;tcp-no-flag;tcp-sweep {threshold threshold number;}winnuke;}udp {flood {threshold number ;}udp-sweep {threshold threshold number;}}}}

Hierarchy Level

[edit security screen]

Release Information

Statement introduced in Release 8.5 of Junos OS.

Description

Define screens for intrusion detection and prevention.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.