time-binding-period statement

Syntax

context <context-name> {time-binding-period seconds;}

Hierarchy Level

[edit security idp application-ddos name context context-name]

Release Information

Statement introduced in Release 10.0 of Junos OS.

Description

(Optional) Configure the time-binding period to determine if a client should be classified as a bot client or not. This setting is used in conjunction with time-binding count to detect an attack if a client request for the same context value exceeds time-binding-count times in time-binding-period seconds.

Contexts values are monitored until overall requests for a given application-level distributed denial-of-service (DDoS) application no longer exceeds hit-rate-threshold limit for each configured context. If overall context requests exceeds hit-rate-threshold limit, context value monitoring is disabled and system applies time-binding with PEER scope (source-ip, destination-ip, destination-port, destination-protocol, destination-zone), if configured.

Options

number—Time-binding period (seconds).

Range: 1 to 3600 seconds

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.