syn-ack-ack-proxy

Syntax

syn-ack-ack-proxy; {threshold number ,}

Hierarchy Level

[edit security screen ids-option screen-name tcp]

Release Information

Statement introduced in Release 8.5 of Junos OS.

Description

Prevent the SYN-ACK-ACK attack, which occurs when the attacker establishes multiple Telnet sessions without allowing each session to terminate. This behavior consumes all open slots, generating a denial-of-service (DoS) condition.

Options

threshold number — Number of connections from any single IP address.

Range: 1 through 250000
Default: 512

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.