show security screen ids-option
Syntax
Release Information
Command introduced in Release 8.5 of Junos OS; node options added in Release 9.0 of Junos OS.
Description
Display configuration information about the specified security screen.
Options
screen-name—Name of the screen.
node—(Optional) For chassis cluster configurations, display the configuration status of the security screen on a specific node.
- node-id—Identification number of the node. It can be 0 or 1.
- all—Display information about all nodes.
- local—Display information about the local node.
- primary—Display information about the primary node.
Required Privilege Level
view
List of Sample Output
- show security screen ids-option jscreen
- show security screen ids-option jscreen1 node all
Output Fields
Table 146 lists the output fields for the show security screen ids-option command. Output fields are listed in the approximate order in which they appear.
Table 146: show security screen ids-option Output Fields
| Field Name | Field Description |
|---|---|
| TCP address sweep threshold | Number of microseconds for which the device accepts 10 TCP packets from the same remote source to different destination addresses. |
| TCP port scan threshold | Number of microseconds during which the device accepts packets from the same remote source with up to 10 different port numbers. |
| ICMP address sweep threshold | Maximum number of microseconds during which up to 10 ICMP echo requests from the same host are allowed into the device. |
| UDP flood threshold | Number of UDP packets per second allowed to ping the same destination address before the device rejects further UDP packets. |
| TCP winnuke | Enable or disable the detection of TCP WinNuke attacks. |
| TCP SYN flood attack threshold | Number of SYN packets per second required to trigger the SYN proxy response. |
| TCP SYN flood alarm threshold | Number of half-complete proxy connections per second at which the device makes entries in the event alarm log. |
| TCP SYN flood source threshold | Number of SYN segments to be received per second before the device begins dropping connection requests. |
| TCP SYN flood destination threshold | Number of SYN segments received per second before the device begins dropping connection requests. |
| TCP SYN flood timeout | Maximum length of time before a half-completed connection is dropped from the queue. |
| TCP SYN flood queue size | Number of proxy connection requests that can be held in the proxy connection queue before the device begins rejecting new connection requests. |
| ICMP large packet | Enable or disable the detection of any ICMP frame with an IP length greater than 1024 bytes. |
| UDP address sweep threshold | Number of microseconds for which the device accepts 10 UDP packets from the same remote source to different destination addresses. |
Sample Output
show security screen ids-option jscreen
user@host> show security screen ids-option jscreen
Screen object status:

Name                                         Value
  TCP port scan threshold                    5000
  ICMP address sweep threshold               5000
Sample Output
show security screen ids-option jscreen1 node all
user@host> show security screen ids-option jscreen1 node all
node0:
--------------------------------------------------------------------------
Screen object status:

Name                                         Value
  UDP flood threshold                        1000
  TCP winnuke                                enabled
  TCP SYN flood attack threshold             200
  TCP SYN flood alarm threshold              512
  TCP SYN flood source threshold             4000
  TCP SYN flood destination threshold        4000
  TCP SYN flood timeout                      20
  TCP SYN flood queue size                   1024
  ICMP large packet                          enabled

node1:
--------------------------------------------------------------------------
Screen object status:

Name                                         Value
  UDP flood threshold                        1000
  TCP winnuke                                enabled
  TCP SYN flood attack threshold             200
  TCP SYN flood alarm threshold              512
  TCP SYN flood source threshold             4000
  TCP SYN flood destination threshold        4000
  TCP SYN flood timeout                      20
  TCP SYN flood queue size                   1024
  ICMP large packet                          enabled
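In a chassis cluster, the node all output is useful for confirming that both nodes enforce the same screen settings. The following is an added example, not part of the original page or Juniper's tooling: a parser for captured command output that reports fields whose values differ between nodes. It assumes the field name and value are separated by two or more spaces; the function names and the sample text (altered on node1 to show drift) are constructed for illustration.

```python
import re
# Constructed sample in the "node all" layout; node1 is altered to show drift.
SAMPLE = """\
node0:
--------------------------------------------------------------------------
Screen object status:
Name                                         Value
  UDP flood threshold                        1000
  TCP winnuke                                enabled
  TCP SYN flood attack threshold             200
  ICMP large packet                          enabled
node1:
--------------------------------------------------------------------------
Screen object status:
Name                                         Value
  UDP flood threshold                        5000
  TCP winnuke                                enabled
  TCP SYN flood attack threshold             200
"""

NODE_RE = re.compile(r"^(node\d+):\s*$")
# Assumption: field name and value are separated by two or more spaces.
FIELD_RE = re.compile(r"^\s*(\S.*?)\s{2,}(\S+)\s*$")

def parse_screen_output(text):
    """Return {node: {field: value}}; output without node headers is keyed 'local'."""
    nodes, current = {}, "local"
    for line in text.splitlines():
        m = NODE_RE.match(line)
        if m:
            current = m.group(1)
            nodes.setdefault(current, {})
            continue
        m = FIELD_RE.match(line)
        if m and m.group(1) != "Name":  # skip the "Name  Value" header row
            nodes.setdefault(current, {})[m.group(1)] = m.group(2)
    return nodes

def node_drift(nodes):
    """Return {field: {node: value or None}} for fields that differ between nodes."""
    drift = {}
    for field in sorted(set().union(*nodes.values())):
        values = {node: cfg.get(field) for node, cfg in nodes.items()}
        if len(set(values.values())) > 1:  # None marks a field absent on a node
            drift[field] = values
    return drift

if __name__ == "__main__":
    print(node_drift(parse_screen_output(SAMPLE)))
```

A field reported as None for one node is absent from that node's output, which means that screen option is not shown for it.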