Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  ssh/telnet connection-limit behavior

    Posted 06-28-2012 16:29

    Hi all,

     

    Has anyone noted the connection-limit behavior on Junos?

    For example, if you want to limit 5 users accessing the router at the same time using protocol ssh or telnet, you will configure the connection-limit 5 command under system -> services -> telnet or ssh. It will permit 5 users to log in to the router, but the 6th attempt to log in will be "blocked". I say "blocked" because this 6th attempt will not be dropped/rejected by the router; instead, Junos keeps this 6th TCP session established (but with a black screen). When one of those 5 users logs off, the login prompt will be displayed to this 6th user.

    I'd like to know if there is a way to make Junos drop/reject attempted connections that exceed the limit.

     

     

    Thanks,

     

    Tiago C. Gonçalves



  • 2.  RE: ssh/telnet connection-limit behavior
    Best Answer

    Posted 07-05-2012 00:42

    Hi Tiago,

     

    I don't see the option you want, but there is another option, rate-limit, which allows you to set the maximum number of connections per minute (1..250). Connections exceeding this limit are rejected (session is closed right after opening with a FIN, actually). So if you are concerned about DoS attacks, you can use this option. Also I think you could write a filter on lo0 with a policer for some extra protection, but you should be very careful with it.
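
The settings discussed in this thread, shown together as an added example that is not part of either poster's reply. The filter and policer names (protect-re, ssh-policer) and all numeric values are constructed for illustration; the same connection-limit and rate-limit statements also exist under telnet.

```junos
system {
    services {
        ssh {
            /* at most 5 concurrent sessions; further attempts wait, as described in the first post */
            connection-limit 5;
            /* at most 10 new connections per minute (range 1..250); excess ones are closed */
            rate-limit 10;
        }
    }
}
firewall {
    policer ssh-policer {
        if-exceeding {
            bandwidth-limit 1m;
            burst-size-limit 15k;
        }
        then discard;
    }
    family inet {
        filter protect-re {
            term police-ssh {
                from {
                    protocol tcp;
                    destination-port ssh;
                }
                then {
                    policer ssh-policer;
                    accept;
                }
            }
            /* a filter ends with an implicit discard; without this term all other traffic to the RE is dropped */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-re;
                }
            }
        }
    }
}
```

Because a mistake in a lo0 filter can cut off management access, activate it with `commit confirmed` so the change rolls back automatically unless it is confirmed.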



  • 3.  RE: ssh/telnet connection-limit behavior

    Posted 07-11-2012 11:46

    Hi PK,

     

    Thanks for the explanation.

     

     

    Regards