Hi Cahit Your assumption about the order of operations seems to be wrong. If the screen is before the filter, then how come the pings are blocked before you start your attack script? Since your initial pings are blocked this means the filter is working (at least during normal loads)......
It is more likely that your are either hitting a bug or the box is incapable of the DOS generated from your script (which is running on a high speed LAN network) and packets are getting slipped/missed from the filter and leaking to the screen check... Regards Farrukh On Wed, Apr 22, 2015 at 1:50 PM, Phil Mayers <p.may...@imperial.ac.uk> wrote: > On 21/04/15 17:22, Cahit Eyigünlü wrote: > >> We are getting a spoofed ip syn attack. When attack starts and over >> 100K pps our SRX3600 was losting the connection. And we check the >> status of the device over the Serial connection. But we could not >> determine why it has been dropped the connection >> > > What is "the connection" here? I don't understand your problem. > > If you don't have "screen" protections enabled then yes, 100kpps of > spoofed syn will knock the box over. > > See for example: > > > http://www.juniper.net/documentation/en_US/junos12.1/topics/concept/denial-of-service-network-syn-cookie-protection-understanding.html > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp