Juniper Js Screen Monitor Syn Ack Ack

1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.30

When an authentication user initiates a Telnet or FTP connection, the user sends a SYN segment to the Telnet or FTP server. The device intercepts the SYN segment, creates an entry in its session table, and proxies a SYN-ACK segment to the user. The user then replies with an ACK segment. At that point, the initial 3-way handshake is complete. The device sends a login prompt to the user. When a malicisou user does not log in, but instead continue initiating SYN-ACK-ACK sessions, the firewall session table can fill up to the point where the device begins rejecting legitimate connection requests. When the SYN-ACK-ACK proxy protection option is enabled, after the number of connections from the same IP address reaches the SYN-ACK-ACK proxy threshold, the device rejects further connection requests from that IP address. By default, the threshold is 512 connections from any single IP address. The attribute records the detection of SYN ACK ACK attack.