[an error occurred while processing this directive][an error occurred while processing this directive]

Configuring the JUNOS Software to Enable the Router or Switch to Drop Packets with the SYN and FIN Bits Set

By default, the router or switch accepts packets that have both the SYN and FIN bits set in the TCP flag. You can configure the router or switch to drop packets with both the SYN and FIN bits set. Accepting packets with the SYN and FIN bits set can result in security vulnerabilities, such as denial-of-service attacks. To configure the router or switch to drop such packets, include the tcp-drop-synfin-set statement at the [edit system internet-options] hierarchy level:

[edit system internet-options]tcp-drop-synfin-set;

Published: 2010-04-26

[an error occurred while processing this directive]