destination-threshold

Syntax

destination-threshold number ;

Hierarchy Level

[edit security screen ids-option screen-name tcp syn-flood]

Release Information

Statement modified in Release 9.2 of Junos OS.

Description

Specify the number of SYN segments received per second for a single destination IP address before the device begins dropping connection requests to that destination. If a protected host runs multiple services, you might want to set a threshold based only on the destination IP address, regardless of the destination port number.

Options

number —Number of SYN segments received per second before the device begins dropping connection requests.

Range: 4 through 100000 per second
Default: 2048 per second

Note: For SRX Series devices, the applicable range is 4 through 1000000 per second.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.