Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] What is a SYN-ACK-ACK Proxy Attack?

0

0

Article ID: KB4819 KB Last Updated: 07 Jun 2010Version: 3.0
Summary:
What is a SYN-ACK-ACK Proxy Attack?
Symptoms:

Solution:

Note: This article applies to ScreenOS 4.0 and higher.

When an authentication user initiates a Telnet or FTP connection, the user sends a SYN packet to the Telnet or FTP server. The NetScreen device intercepts the packet and proxies a SYN-ACK packet to the user. The user then replies with an ACK packet. At that point, the initial 3-way handshake is complete. The NetScreen device creates an entry in its session table and sends a login prompt to the user. If the user, with malicious intent, does not log in, but instead continues initiating SYN-ACK-ACK sessions, the NetScreen session table can fill up to the point where the device begins rejecting legitimate connection requests.

To prevent such an attack, you can enable the SYN-ACK-ACK proxy protection SCREEN option. After the number of connections from the same IP address reaches the SYN-ACK-ACK proxy threshold, the NetScreen device rejects further connection requests from that IP address. By default, the threshold is 512 connections from any single IP address. You can change this threshold (to any number between 1 and 2,500,000) to better suit the requirements of your network environment.



Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search