06-28-2012 04:29 PM
Has anyone noticed the connection-limit behavior on Junos?
For example, if you want to limit 5 users accessing the router at the same time using protocol ssh or telnet, you configure the connection-limit 5 command under system -> services -> telnet or ssh. It will permit 5 users to log in to the router, but the 6th attempt to log in will be "blocked". I say "blocked" because this 6th attempt will not be dropped/rejected by the router; instead Junos keeps this 6th TCP session established (but with a blank screen). When one of those 5 users logs off, the login prompt is displayed to this 6th user.
I'd like to know if there is a way for Junos to drop/reject attempted connections that exceed the limit.
Tiago C. Gonçalves
07-05-2012 12:41 AM
I don't see the option you want, but there is another option, rate-limit, which allows you to set the maximum number of connections per minute (1..250). Connections exceeding this limit are rejected (the session is closed right after opening with a FIN, actually). So if you are concerned about DoS attacks, you can use this option. Also, I think you could write a filter on lo0 with a policer for some extra protection, but you should be very careful with it.
Juniper Ambassador, Juniper Networks Certified Instructor,
JNCIE-SEC #98, JNCIE-ENT #393, JNCIE-SP #2253
[Juniper Authorized Education & Support in Russia]
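The two mechanisms the reply describes, written out as a Junos configuration in set format. This is an added example, not configuration from either poster; the filter, policer and prefix-list names, the 192.0.2.0/24 management range and the policer rates are assumptions chosen for illustration.

```junos
# connection-limit caps concurrent sessions (the 6th session waits, as the
# question describes); rate-limit caps new connections per minute and closes
# any that exceed it, which is the behaviour the question asked for.
set system services ssh connection-limit 5
set system services ssh rate-limit 5
set system services telnet connection-limit 5
set system services telnet rate-limit 5

# Assumed management range (RFC 5737 documentation prefix, constructed here).
set policy-options prefix-list mgmt-hosts 192.0.2.0/24

# Policer applied to management traffic that is allowed to reach the RE.
# Values are illustrative; size them for your own management traffic.
set firewall policer mgmt-policer if-exceeding bandwidth-limit 1m
set firewall policer mgmt-policer if-exceeding burst-size-limit 15k
set firewall policer mgmt-policer then discard

# lo0 filter: SSH/Telnet from management hosts is policed, then accepted;
# SSH/Telnet from anywhere else is discarded; everything else is accepted
# explicitly so routing protocols and other control traffic keep working.
# Leaving out the final accept term is the easiest way to lock yourself out.
set firewall family inet filter protect-re term mgmt-access from source-prefix-list mgmt-hosts
set firewall family inet filter protect-re term mgmt-access from protocol tcp
set firewall family inet filter protect-re term mgmt-access from destination-port [ ssh telnet ]
set firewall family inet filter protect-re term mgmt-access then policer mgmt-policer
set firewall family inet filter protect-re term mgmt-access then accept
set firewall family inet filter protect-re term mgmt-deny from protocol tcp
set firewall family inet filter protect-re term mgmt-deny from destination-port [ ssh telnet ]
set firewall family inet filter protect-re term mgmt-deny then discard
set firewall family inet filter protect-re term allow-rest then accept
set interfaces lo0 unit 0 family inet filter input protect-re
```

Apply the lo0 filter with `commit confirmed` from a session that matches the prefix list, so a mistake in the filter rolls back automatically instead of cutting off management access.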