I have a screen applied to my untrust zone which limits the amount of sessions to 
a destination IP address to 10,000.  The config is below:

"set security screen ids-option untrust-screen limit-session destination-ip-based 10000"

However, we recently had an attack on one of our customers where there were 
around 400,000 sessions to a single IP address, as shown:

show security flow session summary destination-prefix 202.x.x.x

Valid sessions: 5
Pending sessions: 3
Invalidated sessions: 384356
Sessions in other states: 0
Total sessions: 384364

Any idea why the screen wasn't blocking this?
It is applied to the untrust zone, and it does block traffic such as port scans 
and sweeps; however, in this case nothing happened.

juniper-nsp mailing list juniper-nsp@puck.nether.net
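The following is an added monitoring example, not code from the poster or from Juniper. It parses the `show security flow session summary` output quoted above (the sample text is constructed from the counts in the post) and the `limit-session destination-ip-based` threshold from the quoted `set` command, then reports whether the total and the live (valid plus pending) session counts exceed that threshold. Separating live sessions from invalidated ones is the useful part: the two figures in the post tell very different stories, and which of them a screen counter actually tracks is an assumption that should be checked against Juniper's documentation rather than taken from this script. All function names are this example's own.

```python
"""Compare a Junos session summary against a configured limit-session screen threshold."""
import re

# Constructed sample, modelled on the counts quoted in the post (not a live capture).
SESSION_SUMMARY = """\
Valid sessions: 5
Pending sessions: 3
Invalidated sessions: 384356
Sessions in other states: 0
Total sessions: 384364
"""

# The screen configuration from the post, as a single set command.
SCREEN_CONFIG = (
    "set security screen ids-option untrust-screen limit-session "
    "destination-ip-based 10000"
)


def parse_session_summary(text):
    """Return a dict mapping each lower-cased state name to its session count."""
    counts = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(.+?):\s*(\d+)\s*$", line)
        if m:
            counts[m.group(1).strip().lower()] = int(m.group(2))
    return counts


def parse_session_limit(config):
    """Extract N from a 'limit-session destination-ip-based N' set command, or None."""
    m = re.search(r"limit-session\s+destination-ip-based\s+(\d+)", config)
    return int(m.group(1)) if m else None


def check_against_limit(counts, limit):
    """Compare observed counts with the threshold.

    'live' is valid + pending sessions; invalidated sessions are reported as a
    share of the total so that a flood of sessions being torn down is visible
    separately from the flows that are actually established.
    """
    total = counts.get("total sessions", 0)
    invalidated = counts.get("invalidated sessions", 0)
    live = counts.get("valid sessions", 0) + counts.get("pending sessions", 0)
    return {
        "total": total,
        "live": live,
        "invalidated_share": invalidated / total if total else 0.0,
        "total_exceeds_limit": limit is not None and total > limit,
        "live_exceeds_limit": limit is not None and live > limit,
    }


if __name__ == "__main__":
    counts = parse_session_summary(SESSION_SUMMARY)
    limit = parse_session_limit(SCREEN_CONFIG)
    result = check_against_limit(counts, limit)
    print(f"limit={limit} total={result['total']} live={result['live']} "
          f"invalidated={result['invalidated_share']:.2%} "
          f"total_exceeds={result['total_exceeds_limit']} "
          f"live_exceeds={result['live_exceeds_limit']}")
```

Run against the sample, the total is far above 10,000 while only eight sessions are live, which is the discrepancy worth raising when asking why the screen did not fire.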
