Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

show security screen statistics

Syntax

Description

Display intrusion detection service (IDS) security screen statistics.

Options

  • zone zone-name—Display screen statistics for this security zone.

  • interface interface-name —Display screen statistics for this interface.

  • logical-system-name—Display screen statistics for the named logical system.

  • root-logical-system—(Optional) Display screen statistics for the primary logical system only.

  • tenant—Display the name of the tenant system.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security screen statistics command. Output fields are listed in the approximate order in which they appear.

Table 1: show security screen statistics Output Fields

Field Name

Field Description

ICMP flood

Internet Control Message Protocol (ICMP) flood counter. An ICMP flood typically occurs when ICMP echo requests use all resources in responding, such that valid network traffic can no longer be processed.

UDP flood

User Datagram Protocol (UDP) flood counter. UDP flooding occurs when an attacker sends IP packets containing UDP datagrams with the purpose of slowing down the resources, such that valid connections can no longer be handled.

TCP winnuke

Number of Transport Control Protocol (TCP) WinNuke attacks. WinNuke is a denial-of-service (DoS) attack targeting any computer on the Internet running Windows.

TCP port scan

Number of TCP port scans. The purpose of this attack is to scan the available services in the hopes that at least one port will respond, thus identifying a service to target.

ICMP address sweep

Number of ICMP address sweeps. An IP address sweep can occur with the intent of triggering responses from active hosts.

IP tear drop

Number of teardrop attacks. Teardrop attacks exploit the reassembly of fragmented IP packets.

TCP SYN flood

Number of TCP SYN attacks.

IP spoofing

Number of IP spoofs. IP spoofing occurs when an invalid source address is inserted in the packet header to make the packet appear to come from a trusted source.

ICMP ping of death

ICMP ping of death counter. Ping of death occurs when IP packets are sent that exceed the maximum legal length (65,535 bytes).

IP source route option

Number of IP source route attacks.

TCP address sweep

Number of TCP address sweeps.

TCP land attack

Number of land attacks. Land attacks occur when an attacker sends spoofed SYN packets containing the IP address of the victim as both the destination and source IP address.

TCP SYN fragment

Number of TCP SYN fragments.

TCP no flag

Number of TCP headers without flags set. A normal TCP segment header has at least one control flag set.

IP unknown protocol

Number of IPs.

IP bad options

Number of invalid options.

IP record route option

Number of packets with the IP record route option enabled. This option records the IP addresses of the network devices along the path that the IP packet travels.

IP timestamp option

Number of IP timestamp option attacks. This option records the time (in Universal Time) when each network device receives the packet during its trip from the point of origin to its destination.

IP security option

Number of IP security option attacks.

IP loose source route option

Number of IP loose source route option attacks. This option specifies a partial route list for a packet to take on its journey from source to destination.

IP strict source route option

Number of IP strict source route option attacks. This option specifies the complete route list for a packet to take on its journey from source to destination.

IP stream option

Number of stream option attacks. This option provides a way for the 16-bit SATNET stream identifier to be carried through networks that do not support streams.

ICMP fragment

Number of ICMP fragments. Because ICMP packets contain very short messages, there is no legitimate reason for ICMP packets to be fragmented. If an ICMP packet is so large that it must be fragmented, something is amiss.

ICMP large packet

Number of large ICMP packets.

TCP SYN FIN

Number of TCP SYN FIN packets.

TCP FIN no ACK

Number of TCP FIN flags without the acknowledge (ACK) flag.

Source session limit

Number of concurrent sessions that can be initiated from a source IP address.

TCP SYN-ACK-ACK proxy

Number of TCP flags enabled with SYN-ACK-ACK. To prevent flooding with SYN-ACK-ACK sessions, you can enable the SYN-ACK-ACK proxy protection screen option. After the number of connections from the same IP address reaches the SYN-ACK-ACK proxy threshold and SRX Series devices running Junos OS reject further connection requests from that IP address.

IP block fragment

Number of IP block fragments.

Destination session limit

Number of concurrent sessions that can be directed to a single destination IP address.

UDP address sweep

Number of UDP address sweeps.

IPv6 extension header

Number of packets filtered for the defined IPv6 extension headers.

IPv6 extension hop by hop option

Number of packets filtered for the defined IPv6 hop-by-hop option types.

IPv6 extension destination option

Number of packets filtered for the defined IPv6 destination option types.

IPv6 extension header limit

Number of packets filtered for crossing the defined IPv6 extension header limit.

IPv6 malformed header

Number of IPv6 malformed headers defined for the intrusion detection service (IDS).

ICMPv6 malformed packet

Number of ICMPv6 malformed packets defined for the IDS options.

Sample Output

show security screen statistics zone scrzone

Sample Output

show security screen statistics zone untrust (IPv6)

Sample Output

show security screen statistics interface ge-0/0/3

Sample Output

show security screen statistics interface ge-0/0/1 (IPv6)

Sample Output

show security screen statistics interface ge-0/0/1 node primary

Sample Output

show security screen statistics zone trust logical-system all

show security screen statistics zone trust tenant TN1

show security screen statistics zone trust tenant all

Release Information

Command introduced in Junos OS Release 8.5.

The node option added in Junos OS Release 9.0.

The logical-system all option added in Junos OS Release 11.2R6.

Support for IPv6 extension header screens added in Junos OS Release 12.1X46-D10.

The tenant option is introduced in Junos OS Release 18.3R1.