action (Application-Level DDoS)
Syntax
action {[close-server | drop-connection | drop-packet | no-action]}
Hierarchy Level
[edit security idp idp-policy policy-name rulebase-ddos rule rule-name then]
Release Information
Statement introduced in Release 10.0 of Junos OS.
Description
Specify the actions you want IDP to take when the monitored traffic matches the application-ddos objects specified in the application-level DDoS rule.
Options
- close-server—Closes the connection and sends an RST packet to the server but not to the client.
- drop-connection—Drops all packets associated with the connection, preventing traffic for the connection from reaching its destination. Use this action to drop connections for traffic that is not prone to spoofing.
- drop-packet—Drops a matching packet before it can reach its destination but does not close the connection. Use this action to drop packets for attacks in traffic that is prone to spoofing, such as UDP traffic. Dropping a connection for such traffic could result in a denial of service that prevents you from receiving traffic from a legitimate source-IP address.
- no-action—No action is taken. Use this action when you only want to generate logs for some traffic.
Usage Guidelines
For configuration instructions and examples, see the Junos OS Security Configuration Guide.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.