Example: Blocking Port Scans

This example shows how to configure a screen to block port scans originating from a particular security zone.

Requirements

Before you begin, understand how port scanning works. See Understanding Port Scanning.

Overview

You can use a port-scan screen to block IP packets containing TCP SYN segments sent to different ports on the same destination address within a defined interval.

In this example, you configure a 5000-port-scan screen to block port scans originating from a particular security zone.

Configuration

Step-by-Step Procedure

To configure a screen to block port scans:

  1. Configure the screen.

     [edit]
     user@host# set security screen ids-option 5000-port-scan tcp port-scan threshold 5000

  2. If you are done configuring the device, commit the configuration.

     [edit]
     user@host# commit
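As an added illustration that is not part of this Junos topic, the following Python models the rule a port-scan screen applies, run over constructed SYN records. It assumes, as a simplification of the screen's behaviour, that a source sending TCP SYNs to more than 10 distinct ports on one destination within the threshold window (taken here to be in microseconds) counts as a scan; the addresses, port numbers and timestamps are constructed sample data.

```python
"""Simplified model of a TCP port-scan screen rule (added example, not Junos code)."""
from collections import defaultdict

# Assumed rule (a simplification, not the device's source): more than
# MAX_PORTS distinct destination ports from one source to one destination
# within a threshold window of microseconds is treated as a port scan.
MAX_PORTS = 10


def detect_port_scans(syn_events, threshold_us):
    """syn_events: iterable of (timestamp_us, src_ip, dst_ip, dst_port).
    Returns the set of (src_ip, dst_ip) pairs that tripped the rule in any
    sliding window of threshold_us microseconds."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in sorted(syn_events):
        by_pair[(src, dst)].append((ts, port))

    flagged = set()
    for pair, hits in by_pair.items():
        for ts, _ in hits:
            # distinct ports seen in the window ending at this SYN
            ports = {p for t, p in hits if ts - threshold_us <= t <= ts}
            if len(ports) > MAX_PORTS:
                flagged.add(pair)
                break
    return flagged


def build_sample_events():
    """Constructed SYN records: a fast scanner, a slow scanner and a normal client."""
    events = []
    # fast scanner: 12 ports in under 3000 microseconds
    for k in range(12):
        events.append((100 + 250 * k, "198.51.100.7", "203.0.113.10", 20 + k))
    # slow scanner: same 12 ports, but spaced 2000 microseconds apart
    for k in range(12):
        events.append((2000 * k, "198.51.100.8", "203.0.113.10", 20 + k))
    # normal client touching three services
    for k, port in enumerate((80, 443, 22)):
        events.append((1000 * k, "192.0.2.5", "203.0.113.10", port))
    return events


if __name__ == "__main__":
    # with a 5000-microsecond threshold only the fast scanner is flagged
    print(detect_port_scans(build_sample_events(), 5000))
```

Raising the threshold widens the window, so the slow scanner is also flagged once the window covers enough of its probes; lowering it makes the screen tolerate faster legitimate bursts.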

Verification

To verify that the configuration is working properly, enter the show security screen command.
