Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to enable protection against a Land attack on ScreenOS devices

0

0

Article ID: KB26778 KB Last Updated: 16 Sep 2020Version: 2.0
Summary:

This article provides information on how to enable protection against a Land attack on ScreenOS devices.

Symptoms:

Understanding Land Attacks

Combining a SYN attack with IP spoofing, a land attack occurs when an attacker sends spoofed SYN packets that contain the IP address of the victim as both the destination and the source IP address.

The receiving system responds by sending the SYN-ACK packet to itself, which creates an empty connection that lasts until the idle timeout value is reached. Flooding a system with such empty connections can overwhelm the system and subsequently causing a denial of service (DoS).
Solution:

The protection is enabled on a per zone basis. Identify the zone that might face such attacks:

To enable land attack protection via the WebUI, perform the following steps:
  1. Go to Security > Screening > Screen.
  2. Select the required zone.
  3. Enable land attack protection under Deniel of service Defense.
To enable Land attack protection via the CLI, use the following command:
set zone <zone name> screen land
Modification History:
2020-09-16: Article reviewed for accuracy. Minor-non-technical edits.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search