syn-flood-protection-mode

Syntax

syn-flood-protection-mode (syn-cookie | syn-proxy);

Hierarchy Level

[edit security flow]

Release Information

Statement introduced in Release 8.5 of Junos OS.

Description

Enable SYN-cookie defenses or SYN-proxy defenses against SYN attacks.

The SYN flood protection mode is enabled globally on the device and is activated when the configured syn-flood attack-threshold value is exceeded.

Options

syn-cookie—Uses a cryptographic hash to generate a unique Initial Sequence Number (ISN). This is enabled by default.

syn-proxy—Uses a proxy to handle the SYN attack.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Related Topics

attack-threshold

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.