ip-sweep

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 8.5 of Junos OS.

Description

Configure the device to detect and prevent an IP Sweep attack. An IP Sweep attack occurs when an attacker sends ICMP echo requests (pings) to multiple destination addresses. If a target host replies, the reply reveals the target’s IP address to the attacker. If the device receives 10 ICMP echo requests within the number of microseconds specified in this statement, it flags this as an IP Sweep attack, and rejects the 11th and all further ICMP packets from that host for the remainder of the second.

Options

threshold number—Maximum number of microseconds during which up to 10 ICMP echo requests from the same host are allowed into the router. More than 10 requests from a host during this period triggers an IP Sweep attack response on the router during the remainder of the second.

Range: 1000 through 1000000 microseconds

Default: 5000 microseconds

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.