tcp-sweep

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 10.2 of Junos OS.

Description

Configure the device to detect and prevent TCP sweep attack. In a TCP sweep attack, an attacker sends TCP SYN packets to the target device as part of the TCP handshake. If the device responds to those packets, the attacker gets an indication that a port in the target device is open, which makes the port vulnerable to attack. If a remote host sends TCP packets to 10 addresses in 0.005 seconds (5000 microseconds), then the device flags this as a TCP sweep attack.

If the alarm-without-drop option is not set, the device rejects the eleventh and all further TCP packets from that host for the remainder of the specified threshold period.

Options

threshold number—Maximum number of microseconds during which up to 10 TCP SYN packets from the same host are allowed into the device. More than 10 requests from a host during this period triggers TCP Sweep attack response on the router during the remainder of the second.

Range: 1000 through 1,000,000 microseconds

Default: 5000 microseconds

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.