Setting TCP SYN Checking (CLI Procedure)

With SYN checking enabled, the device rejects TCP segments with non-SYN flags set unless they belong to an established session. Enabling SYN checking can help prevent attacker reconnaissance and session table floods. TCP SYN checking is enabled by default.

To disable SYN checking:

user@host#set security flow tcp-session no-syn-check

Related Topics

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.