[j-nsp] SYN flood filter (seq=0)
Hannes Gredler
hannes at juniper.net
Tue Sep 20 16:25:53 EDT 2005
no as the sequence number field is not loaded in the lookup-key
(= the router can't load a offset/match rule in the hardware path)
/hannes
Christian Malo wrote:
> Hi folks,
>
>
> Is there a way to block tcp packets with seq=0.
>
>
> 13:22:20.756634 X.X.X.X.19523 > X.X.X.X.http: . [tcp sum ok] 0:0(0) ack 2905 win 65340 (DF) (ttl 112, id 58257, len 40)
>
>
> thanks,
>
> -chris
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list