[j-nsp] filter on TCP seqnum
Richard A Steenbergen
ras at e-gerbil.net
Tue Jun 22 13:14:41 EDT 2004
On Tue, Jun 22, 2004 at 09:50:50AM -0700, Paul Goyette wrote:
> I am by no means an expert on the configuration of the module.
>
> The documentation should be of some help, or our JTAC folks can
> help you set up the appropriate "service-set".
I just took a good skim through the documentation and couldn't find
anything more on-topic than stateful firewalling, automatic anomaly
checking, and syn cookies through the IDS service (does anyone have any
performance numbers on exactly how big a flood this will combat btw?)
If anyone does find a way to make an AS pic do simple byte-match filtering
on packet headers fields not covered by basic firewall commands, I think
we'd all like to know about it. :)
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the juniper-nsp
mailing list