root# run show configuration ## Last commit: 2010-05-24 09:08:35 UTC by root version 9.6R2.11; system { root-authentication { encrypted-password "$1$vgqUMRwG$TAzyM8f/HCFrT13DPGn.Z/"; ## SECRET-DATA } services { web-management { http { interface ge-0/0/0.0; } } } syslog { user * { any emergency; } file messages { any critical; authorization info; } file interactive-commands { interactive-commands error; } } max-configurations-on-flash 5; max-configuration-rollbacks 5; license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } } } interfaces { ge-0/0/0 { unit 0; } fe-0/0/2 { unit 0 { family ethernet-switching; } } } security { screen { ids-option untrust-screen { icmp { ping-death; } ip { source-route-option; tear-drop; } tcp { syn-flood { alarm-threshold 1024; attack-threshold 200; source-threshold 1024; destination-threshold 2048; queue-size 2000; ## Warning: 'queue-size' is deprecated timeout 20; } land; } } } zones { security-zone trust { tcp-rst; interfaces { ge-0/0/0.0 { host-inbound-traffic { system-services { http; https; ssh; telnet; dhcp; } } } } } security-zone untrust { screen untrust-screen; } } policies { from-zone trust to-zone trust { policy default-permit { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone trust to-zone untrust { policy default-permit { match { source-address any; destination-address any; application any; } then { permit; } } } from-zone untrust to-zone trust { policy default-deny { match { source-address any; destination-address any; application any; } then { deny; } } } } } root# run show configuration | display set set version 9.6R2.11 set system root-authentication encrypted-password "$1$vgqUMRwG$TAzyM8f/HCFrT13DPGn.Z/" set system services web-management http interface ge-0/0/0.0 set system syslog user * any emergency set system syslog file messages any critical set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands error set system max-configurations-on-flash 5 set system max-configuration-rollbacks 5 set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval set interfaces ge-0/0/0 unit 0 set interfaces fe-0/0/2 unit 0 family ethernet-switching set security screen ids-option untrust-screen icmp ping-death set security screen ids-option untrust-screen ip source-route-option set security screen ids-option untrust-screen ip tear-drop set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200 set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048 set security screen ids-option untrust-screen tcp syn-flood queue-size 2000 set security screen ids-option untrust-screen tcp syn-flood timeout 20 set security screen ids-option untrust-screen tcp land set security zones security-zone trust tcp-rst set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services http set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services https set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services telnet set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp set security zones security-zone untrust screen untrust-screen set security policies from-zone trust to-zone trust policy default-permit match source-address any set security policies from-zone trust to-zone trust policy default-permit match destination-address any set security policies from-zone trust to-zone trust policy default-permit match application any set security policies from-zone trust to-zone trust policy default-permit then permit set security policies from-zone trust to-zone untrust policy default-permit match source-address any set security policies from-zone trust to-zone untrust policy default-permit match destination-address any set security policies from-zone trust to-zone untrust policy default-permit match application any set security policies from-zone trust to-zone untrust policy default-permit then permit set security policies from-zone untrust to-zone trust policy default-deny match source-address any set security policies from-zone untrust to-zone trust policy default-deny match destination-address any set security policies from-zone untrust to-zone trust policy default-deny match application any set security policies from-zone untrust to-zone trust policy default-deny then deny root@% ls -al total 336948 drwxr-xr-x 3 root wheel 512 May 23 18:22 . drwxr-xr-x 11 root wheel 512 May 23 16:58 .. lrwxr-xr-x 1 root wheel 23 May 23 16:58 junos -> junos-9.6R2.11-domestic -rw-r--r-- 1 930 930 172436462 Oct 6 2009 junos-9.6R2.11-domestic -rw-r--r-- 1 930 930 33 Oct 6 2009 junos-9.6R2.11-domestic.md5 -rw-r--r-- 1 930 930 41 Oct 6 2009 junos-9.6R2.11-domestic.sha1 drwxr-xr-x 2 root wheel 512 Jul 14 1970 mnt