Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
show security screen statistics
Syntax
Release Information
Command introduced in Release 8.5 of Junos OS; node options added in Release 9.0 of Junos OS.
Description
Display intrusion detection system (IDS) security screen statistics.
Options
none—Display IDS security for all zones and interfaces.
zone zone-name —(Optional) Display screen statistics for this security zone.
interface interface-name—(Optional) Display screen statistics for this interface.
node—(Optional) For chassis cluster configurations, display security screen statistics on a specific node.
- node-id —Identification number of the node. It can be 0 or 1.
- all—Display information about all nodes.
- local—Display information about the local node.
- primary—Display information about the primary node.
Required Privilege Level
view
Related Topics
clear security screen statistics
clear security screen statistics interface
clear security screen statistics zone
List of Sample Output
show security screen statistics zone scrzoneshow security screen statistics interface ge-0/0/3
show security screen statistics interface ge-0/0/1 node primary
Output Fields
Table 147 lists the output fields for the show security screen statistics command. Output fields are listed in the approximate order in which they appear.
Table 147: show security screen statistics Output Fields
Field Name | Field Description |
|---|---|
ICMP flood | Internet Control Message Protocol (ICMP) flood counter. An ICMP flood typically occurs when ICMP echo requests use all resources in responding, such that valid network traffic can no longer be processed. |
UDP flood | User Datagram Protocol (UDP) flood counter. UDP flooding occurs when an attacker sends IP packets containing UDP datagrams with the purpose of slowing down the resources, such that valid connections can no longer be handled. |
TCP winnuke | Number of Transport Control Protocol (TCP) WinNuke attacks. WinNuke is a denial-of-service (DoS) attack targeting any computer on the Internet running Windows. |
TCP port scan | Number of TCP port scans. The purpose of this attack is to scan the available services in the hopes that at least one port will respond, thus identifying a service to target. |
ICMP address sweep | Number of ICMP address sweeps. An IP address sweep can occur with the intent of triggering responses from active hosts |
IP tear drop | Number of teardrop attacks. teardrop attacks exploit the reassembly of fragmented IP packets. |
TCP SYN flood | Number of TCP SYN attacks. |
IP spoofing | Number of IP spoofs. IP spoofing occurs when an invalid source address is inserted in the packet header to make the packet appear to come from a trusted source. |
ICMP ping of death | ICMP ping of death counter. Ping of death occurs when IP packets are sent that exceed the maximum legal length (65,535 bytes). |
IP source route option | Number of IP source route attacks. |
TCP address sweep | Number of TCP address sweeps. |
TCP land attack | Number of land attacks. Land attacks occur when an attacker sends spoofed SYN packets containing the IP address of the victim as both the destination and source IP address. |
TCP SYN fragment | Number of TCP SYN fragments. |
TCP no flag | Number of TCP headers without flags set. A normal TCP segment header has at least one control flag set. |
IP unknown protocol | Number of Internet protocols (IP). |
IP bad options | Number of invalid options. |
IP record route option | Number of packets with the IP record route option enabled. This option records the IP addresses of the network devices along the path that the IP packet travels. |
IP timestamp option | Number of IP timestamp option attacks. This option records the time (in Universal Time) when each network device receives the packet during its trip from the point of origin to its destination. |
IP security option | Number of IP security option attacks. |
IP loose source route option | Number of IP loose source route option attacks. This option specifies a partial route list for a packet to take on its journey from source to destination. |
IP strict source route option | Number of IP strict source route option attacks. This option specifies the complete route list for a packet to take on its journey from source to destination. |
IP stream option | Number of stream option attacks. This option provides a way for the 16-bit SATNET stream identifier to be carried through networks that do not support streams. |
ICMP fragment | Number of ICMP fragments. Because ICMP packets contain very short messages, there is no legitimate reason for ICMP packets to be fragmented. If an ICMP packet is so large that it must be fragmented, something is amiss. |
ICMP large packet | Number of large ICMP packets. |
TCP SYN FIN | Number of TCP SYN FIN packets. |
TCP FIN no ACK | Number of TCP FIN flags without the acknowledge (ACK) flag. |
Source session limit | Number of concurrent sessions that can be initiated from a source IP address. |
TCP SYN-ACK-ACK Proxy | Number of TCP flags enabled with SYN-ACK-ACK. To prevent flooding with SYN-ACK-ACK sessions, you can enable the SYN-ACK-ACK proxy protection screen option. After the number of connections from the same IP address reaches the SYN-ACK-ACK proxy threshold, J Series and SRX Series devices running Junos OS rejects further connection requests from that IP address. |
IP Block Fragment | Number of IP block fragments. |
Destination session limit | Number of concurrent sessions that can be directed to a single destination IP address. |
UDP address sweep | Number of UDP address sweeps. |
Sample Output
show security screen statistics zone scrzone
user@host> show
security screen statistics zone scrzone Screen statistics: IDS attack type Statistics ICMP flood 0 UDP flood 0 TCP winnuke 0 TCP port scan 91 ICMP address sweep 0 TCP sweep 0 UDP sweep 0 IP tear drop 0 TCP SYN flood 0 IP spoofing 0 ICMP ping of death 0 IP source route option 0 TCP land attack 0 TCP SYN fragment 0 TCP no flag 0 IP unknown protocol 0 IP bad options 0 IP record route option 0 IP timestamp option 0 IP security option 0 IP loose source route option 0 IP strict source route option 0 IP stream option 0 ICMP fragment 0 ICMP large packet 0 TCP SYN FIN 0 TCP FIN no ACK 0 Source session limit 0 TCP SYN-ACK-ACK proxy 0 IP block fragment 0 Destination session limit 0
Sample Output
show security screen statistics interface ge-0/0/3
user@host> show
security screen statistics interface ge-0/0/3
Screen statistics: IDS attack type Statistics ICMP flood 0 UDP flood 0 TCP winnuke 0 TCP port scan 91 ICMP address sweep 0 TCP sweep 0 UDP sweep 0 IP tear drop 0 TCP SYN flood 0 IP spoofing 0 ICMP ping of death 0 IP source route option 0 TCP land attack 0 TCP SYN fragment 0 TCP no flag 0 IP unknown protocol 0 IP bad options 0 IP record route option 0 IP timestamp option 0 IP security option 0 IP loose source route option 0 IP strict source route option 0 IP stream option 0 ICMP fragment 0 ICMP large packet 0 TCP SYN FIN 0 TCP FIN no ACK 0 Source session limit 0 TCP SYN-ACK-ACK proxy 0 IP block fragment 0 Destination session limit 0
Sample Output
show security screen statistics interface ge-0/0/1 node primary
user@host> show
security screen statistics interface ge-0/0/1 node primary node0: -------------------------------------------------------------------------- Screen statistics: IDS attack type Statistics ICMP flood 1 UDP flood 1 TCP winnuke 1 TCP port scan 1 ICMP address sweep 1 TCP sweep 1 UDP sweep 1 IP tear drop 1 TCP SYN flood 1 IP spoofing 1 ICMP ping of death 1 IP source route option 1 TCP land attack 1 TCP SYN fragment 1 TCP no flag 1 IP unknown protocol 1 IP bad options 1 IP record route option 1 IP timestamp option 1 IP security option 1 IP loose source route option 1 IP strict source route option 1 IP stream option 1 ICMP fragment 1 ICMP large packet 1 TCP SYN FIN 1 TCP FIN no ACK 1 Source session limit 1 TCP SYN-ACK-ACK proxy 1 IP block fragment 1 Destination session limit 1
