Related Documentation
Configuring Flood Defense Settings for Preventing Attacks
Configuring ICMP Flooding Protection
Configuring SYN Flooding Protection
Copyright © 2010, Juniper Networks, Inc.
A security device uses stateful inspection to secure a zone by inspecting, and then
permitting or denying, all connection attempts that require crossing an interface from
and to that zone. To protect against attacks from other zones, you can enable defense
mechanisms known as screen attack protections, which detect and deflect TCP, UDP,
IP, and ICMP packet attacks. Common screen attacks are SYN floods, packet fragments,
and SYN and FIN bits set. When screen attack protections are enabled, the device
generates a screen alarm log entry for each violation.
To configure Screen attack protections, open a device configuration and select Network
> Zone to display the Zone configuration. Double-click a zone to display the Predefined
Zone dialog box and select SCREEN.
NOTE: For instructions for configuring the SCREEN options, see the Network
and Security Manager Online Help topic "Configuring SCREEN Options." For
information about the SCREEN alarm log entries that enabling these options
can generate, see the Network and Security Manager Administration Guide.
Related Documentation
Configuring Flood Defense Settings for Preventing Attacks on page 41
Example: Configuring UDP Flooding Protection (NSM Procedure) on page 43
HTTP Components and MS-Windows Defense Method on page 43
Configure flood defense settings to prevent denial-of-service (DoS) attacks from
overwhelming the security device with large numbers or floods of certain packet types.
You can protect targets in the security zone from ICMP, SYN, and UDP floods.
Configuring ICMP Flooding Protection on page 41
Configuring SYN Flooding Protection on page 41
Configuring UDP Flooding Protection on page 42
An ICMP flood occurs when incoming ICMP echo requests overload a target system with
so many requests that the system expends all its resources responding until it can no
longer process valid network traffic. You can protect targets in the security zone from
ICMP floods by setting a packet-per-second threshold for ICMP requests (default setting:
1000 packets per second). When the ICMP packet flow exceeds the defined threshold,
the security device ignores further ICMP echo requests for the remainder of that second
and the next second.
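The threshold behaviour just described (count ICMP echo requests per second; once the count exceeds the threshold, ignore further echo requests for the rest of that second and the whole of the next second, logging one screen alarm per violation) is easy to misread, so here is a small simulation of it. This is an added example written for this page, not Juniper code and not how ScreenOS implements the screen internally; the class and function names, the arrival timestamps and the deliberately low demo threshold are all constructed for illustration. Only the 1000 packets-per-second default comes from the text.

```python
"""Simulation of the per-zone ICMP flood threshold described in the text.

Added example (not Juniper's code). It models only what the documentation
states: requests are counted per one-second window; when the count exceeds
the threshold, the device ignores further echo requests for the remainder
of that second and all of the next second, and records one screen alarm
per violation.
"""

DEFAULT_ICMP_THRESHOLD_PPS = 1000  # default stated in the documentation


class IcmpFloodScreen:
    """ICMP flood screen for one zone; threshold is in packets per second."""

    def __init__(self, threshold_pps=DEFAULT_ICMP_THRESHOLD_PPS):
        self.threshold_pps = threshold_pps
        self._current_second = None   # one-second window currently being counted
        self._count = 0               # echo requests seen in that window
        self._blocked_through = -1    # last second (inclusive) in which requests are ignored
        self.alarms = []              # one entry per violation (screen alarm log)

    def accept(self, timestamp):
        """Return True if the echo request arriving at `timestamp` is passed on."""
        second = int(timestamp)
        if second != self._current_second:
            # New one-second window: restart the counter.
            self._current_second = second
            self._count = 0
        if second <= self._blocked_through:
            return False              # still inside the penalty window
        self._count += 1
        if self._count > self.threshold_pps:
            # Violation: drop this request and everything else for the rest of
            # this second and all of the next one; log one alarm.
            self._blocked_through = second + 1
            self.alarms.append({"second": second, "threshold_pps": self.threshold_pps})
            return False
        return True


def run_screen(timestamps, threshold_pps):
    """Feed echo-request arrival times (seconds, ascending) through the screen.

    Returns (accepted, dropped, alarms) so the outcome can be inspected or tested.
    """
    screen = IcmpFloodScreen(threshold_pps)
    accepted, dropped = [], []
    for t in timestamps:
        (accepted if screen.accept(t) else dropped).append(t)
    return accepted, dropped, screen.alarms


# Constructed arrival times: a quiet second 0, a burst of 8 requests in
# second 1, a trickle in second 2 (still penalised), normal traffic in second 3.
SAMPLE_ARRIVALS = (
    [0.10, 0.40, 0.70]
    + [1.00 + i * 0.05 for i in range(8)]
    + [2.20, 2.60]
    + [3.10, 3.50]
)
DEMO_THRESHOLD_PPS = 5  # constructed, deliberately low so the burst trips it


if __name__ == "__main__":
    acc, drp, alarms = run_screen(SAMPLE_ARRIVALS, DEMO_THRESHOLD_PPS)
    print(f"accepted={len(acc)} dropped={len(drp)} alarms={alarms}")
```

With the demo threshold of 5, the first five requests in second 1 pass, the sixth trips the screen, and everything from then until the end of second 2 is dropped (5 packets in total, one alarm); second 3 is counted afresh. Running the same arrivals against the 1000 pps default drops nothing, which is the point of the default: it is high enough that normal echo traffic never triggers the penalty window.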
A SYN flood occurs when a target becomes so overwhelmed by SYN segments initiating
invalid connection requests that it can no longer process legitimate connection
requests. You can configure thresholds for the zone that, when exceeded, prompt the
security device to begin acknowledging incoming SYN segments and queuing incomplete
Chapter 3: Network Settings
41