JUNIPER-JS-SCREENING-MIB Table View

Table-centric layout grouping table, row, and column objects.

Standard view Table view

Tables

Rows

Columns

jnxJsScreenMonTable

table

.1.3.6.1.4.1.2636.3.39.1.8.1.1.1 · 1 row entry · 64 columns

Open in standard view

Juniper security Firewall can allow DI protection on each of
the device's physical interface. This table collects the 
screen attributes that monitor the various attacks. 
          
  The screen options can be enabled at security zone bounded to 
a interface or interfaces. When these options apply to traffic 
reaching the device through interfaces (via a zone), they offers 
protection against malicious information gathering probe or 
an attack to compromise, disable, or harm a network or network 
resources.

jnxJsScreenMonEntry entry .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1

The screen option monitoring statistics entry. Each
entry is uniquely identified by the zone name.

The data is collected on a per zone basis. There
can be multiple interfaces bound to a particular
zones…

Indexes

jnxJsScreenZoneName

Column	Syntax	OID
jnxJsScreenZoneName The name of the security zone under which the statistics are collected.	OctetString Constraints: `range: 1-255`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.1`
jnxJsScreenNumOfIf Number of interfaces bound to this zone. Each counter contains the aggregated data of all the interfaces	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.2`
jnxJsScreenMonSynAttk The SYN (TCP connection request) attack is a common denial of service (DoS) technique characterized by the following pattern: - Using a spoofed IP address not in use on the Internet, an attacker sends multiple SYN pa…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.3`
jnxJsScreenMonTearDrop Teardrop attacks exploit the reassembly of fragmented IP packets. In the IP header, one of the fields is the fragment offset field, which indicates one of the fields is the fragment offset field. It indicates the st…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.4`
jnxJsScreenMonSrcRoute IP source route options can be used to hide their true address and access restricted areas of a network by specifying a different path. The security device should be able to either block any packets with loose or str…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.5`
jnxJsScreenMonPingDeath The maximum allowable IP packet size is 65,535 bytes, including the packet header (typically 20 bytes long). An ICMP echo request is an IP packet with a pseudo header, which is 8 bytes long. Therefore, the maximum al…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.6`
jnxJsScreenMonAddrSpoof One method to gain access to a restricted network is to insert a bogus source address in the packet header to make the packet appear to come from a trusted source. This technique is called IP spoofing. The mechanism …	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.7`
jnxJsScreenMonLand A combined SYN attack with IP spoof is referred to as Land attack. A Land attack occurs when an attacker sends spoofed SYN packets containing the IP address of the victim as both the destination and source IP addres…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.8`
jnxJsScreenMonIcmpFlood An ICMP flood typically occurs when ICMP echo requests overload its victim with so many requests that it expends all its resources responding until it can no longer process valid network traffic. With the ICMP flood …	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.9`
jnxJsScreenMonUdpFlood UDP flooding occurs when an attacker sends IP packets containing UDP datagrams with the purpose of slowing down the victim to the point that it can no longer handle valid connections. With the UDP flood protection fea…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.10`
jnxJsScreenMonWinnuke WinNuke is a DoS attack targeting any computer on the internet running Windows. The attacker sends a TCP segment, usually to NetBIOS port 139 with the urgent (URG) flag set, to a host with an established connection.…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.11`
jnxJsScreenMonPortScan A port scan occurs when one source IP address sends IP packets containing TCP SYN segments to a defined number of different ports at the same destination IP address within a defined interval. The purpose of this atta…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.12`
jnxJsScreenMonIpSweep An address sweep occurs when one source IP address sends a defined number of ICMP packets to different hosts within a defined interval. The purpose of this attack is to send ICMP packets, typically echo requests, to …	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.13`
jnxJsScreenMonSynFrag IP encapsulates a TCP SYN segment in the IP packet that initiates a TCP connection. The purpose is to initiate a connection and to invoke a SYN/ACK segment response. The SYN segment typically does not contain any da…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.14`
jnxJsScreenMonTcpNoFlag A normal TCP segment header has at least one flag control set. A TCP segment with no control flags set is an anomalous event. Operating systems respond to such anomalies in different ways. The response, or even lack…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.15`
jnxJsScreenMonIpUnknownProt According to RFC 1700, some protocol types in IP header are reserved and unassigned at this time. Precisely because these protocols are undefined, there is no way to know in advance if a particular unknown protocol i…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.16`
jnxJsScreenMonIpOptBad IP protocol specifies a set of eight options that provide special routing controls, diagnostic tools, and security. These eight options can be used for malicious objectives. Either intentionally or acci…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.17`
jnxJsScreenMonIpOptRecRt The IP standard RFC 791 specifies a set of options to provide special routing controls, diagnostic tools, and security. These options appear after the destination address in an IP packet header. When they do appear,…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.18`
jnxJsScreenMonIpOptTimestamp The IP standard RFC 791 specifies a set of options to provide special routing controls, diagnostic tools, and security. These options appear after the destination address in an IP packet header. When they do appear,…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.19`
jnxJsScreenMonIpOptSecurity The IP standard RFC 791 specifies a set of options to provide special routing controls, diagnostic tools, and security. These options appear after the destination address in an IP packet header. When they do appear,…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.20`
jnxJsScreenMonIpOptLSR Attackers can use IP source route options to hide their true address and access restricted areas of a network by specifying a different path. The security device should be able to either block any packets with loose…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.21`
jnxJsScreenMonIpOptSSR Attackers can use IP source route options to hide their true address and access restricted areas of a network by specifying a different path. The security device should be able to either block any packets with loose…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.22`
jnxJsScreenMonIpOptStream The IP standard RFC 791 specifies a set of options to provide special routing controls, diagnostic tools, and security. These options appear after the destination address in an IP packet header. When they do appear,…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.23`
jnxJsScreenMonIcmpFrag ICMP provides error reporting and network probe capabilities. ICMP packets contain very short messages, there is no legitimate reason for ICMP packets to be fragmented. If an ICMP packet is so large that it must be f…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.24`
jnxJsScreenMonIcmpLarge ICMP packets contain very short messages, there is no legitimate reason for ICMP packets to be fragmented. If an ICMP packet is unusually large, something is wrong. For example, the Loki program uses I…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.25`
jnxJsScreenMonTcpSynFin Both the SYN and FIN control flags are not normally set in the same TCP segment header. The SYN flag synchronizes sequence numbers to initiate a TCP connection. The FIN flag indicates the end of data transmission to …	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.26`
jnxJsScreenMonTcpFinNoAck A FIN scan sends TCP segments with the FIN flag set in an attempt to provoke a response and thereby discover an active host or an active port on a host. The use of TCP segments with the FIN flag set might evade detec…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.27`
jnxJsScreenMonLimitSessSrc All the virus-generated traffic originates from the same IP address (generally from a infected server), a source-based session limit ensures that the firewall can curb such excessive amounts of traffic. Based on a t…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.28`
jnxJsScreenMonLimitSessDest The user can limit the number of concurrent sessions to the same destination IP address. A wily attacker can launch a distributed denial-of-service (DDoS) attack using 'zombie agents'. Setting a destination-based se…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.29`
jnxJsScreenMonSynAckAck When an authentication user initiates a Telnet or FTP connection, the user sends a SYN segment to the Telnet or FTP server. The device intercepts the SYN segment, creates an entry in its session table, and proxies a …	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.30`
jnxJsScreenMonIpFrag As packets travels, it is sometimes necessary to break a packet into smaller fragments based upon the maximum transmission unit (MTU) of each network. IP fragments might contain an attacker's attempt to exploit the v…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.31`
jnxJsScreenSynAttackThresh The number of SYN segments to the same destination address and port number per second required to activate the SYN proxying mechanism. In order to set the appropriate threshold value, it requires a through knowledge …	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.32`
jnxJsScreenSynAttackTimeout The maximum length of time before a half-completed connection is dropped from the queue. The default is 20 seconds. This attributes display the SYN attack timeout value.	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.33`
jnxJsScreenSynAttackAlmTh The syn attack alarm threshold causes an alarm to be generated when the number of proxied, half-complete TCP connection requests per second requests to the same destination address and port number exceeds its value. …	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.34`
jnxJsScreenSynAttackQueSize deprecated The number of proxied connection requests held in the proxied connection queue before the device starts rejecting new connection requests. This attribute displays the SYN attack queue size. …	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.35`
jnxJsScreenSynAttackAgeTime deprecated SYN flood age time. This object has been deprecated.	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.36`
jnxJsScreenIcmpFloodThresh ICMP flooding occurs when an attacker sends IP packets containing ICMP datagrams with the purpose of slowing down the victim to the point that it can no longer handle valid connections. This attributes…	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.37`
jnxJsScreenUdpFloodThresh UDP flooding occurs when an attacker sends IP packets containing UDP datagrams with the purpose of slowing down the victim to the point that it can no longer handle valid connections. The default thres…	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.38`
jnxJsScreenPortScanThresh The port scan threshold interval is in microseconds. The default threshold value is 5000. The valid threshold range is 1000-1000000. By using the default settings, if a remote host scans 10 ports in …	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.39`
jnxJsScreenIpSweepThresh The IP sweep threshold interval is in microseconds. The default threshold value is 5000. The valid threshold range is 1000-1000000. By using the default settings, if a remote host sends ICMP traffic …	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.40`
jnxJsScreenSynAckAckThres SYN ack ack alarm threshold value.	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.41`
jnxJsScreenMonIpv6ExtHdr In one IPv6 packet, one or more extension headers may appear before the encapsulated payload after the mandatory header. User can screen any one or several extension headers. When the extension header sc…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.42`
jnxJsScreenMonIpv6HopOpt In one IPv6 hop by hop option extension header, it carries a variable number options. User can screen any one or several options. When the hop by hop option screen is enabled, the device screens all IPv6…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.43`
jnxJsScreenMonIpv6DstOpt In one IPv6 destination option extension header, it carries a variable number options. User can screen any one or several options. When the destination option screen is enabled, the device screens all IPv…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.44`
jnxJsScreenMonIpv6ExtLimit In one IPv6 packet, one or more extension headers may appear before the encapsulated payload. User can screen IPv6 packets if their extension header number is larger than one limit. When the extension hea…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.45`
jnxJsScreenMonIpMalIpv6 One IPv6 packets may contain malformed header, the device tries to block these packets to protect downstream devices. When the malformed IPv6 screen is enabled, the device screens IPv6 packets with malfor…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.46`
jnxJsScreenMonIcmpMalIcmpv6 One ICMPv6 packets may contain malformed content, the device tries to block these packets to protect downstream devices. When the malformed ICMPv6 screen is enabled, the device screens ICMPv6 packets with…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.47`
jnxJsScreenIpv6ExtNumLim IPv6 extension header number limit value.	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.48`
jnxJsScreenUdpPortScanThresh The UDP port scan threshold interval is in microseconds. The default threshold value is 5000. The valid threshold range is 1000-1000000. By using the default settings, if a remote host scans 10 ports …	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.49`
jnxJsScreenMonUdpPortScan A UDP port scan occurs when one source IP address sends UDP packets to a defined number of different ports at the same destination IP address within a defined interval. The purpose of this attack is to scan the availa…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.50`
jnxJsScreenMonIpTunnelGre6in4 When an IP GRE 6in4 Tunnel packet meets the attack criteria specified by current configuration, it will be counted in this statisitic. This attribute records the IP GRE 6in4 Tunnel attempt attack packets.	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.51`
jnxJsScreenMonIpTunnelGre4in6 When an IP GRE 4in6 Tunnel packet meets the attack criteria specified by current configuration, it will be counted in this statisitic. This attribute records the IP GRE 4in6 Tunnel attempt attack packets.	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.52`
jnxJsScreenMonIpTunnelGre6in6 When an IP GRE 6in6 Tunnel packet meets the attack criteria specified by current configuration, it will be counted in this statisitic. This attribute records the IP GRE 6in6 Tunnel attempt attack packets.	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.53`
jnxJsScreenMonIpTunnelGre4in4 When an IP GRE 4in4 Tunnel packet meets the attack criteria specified by current configuration, it will be counted in this statisitic. This attribute records the IP GRE 4in4 Tunnel attempt attack packets.	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.54`
jnxJsScreenMonIpTunnelIpInUdpTeredo When an IPinUDP Teredo Tunnel packet meets the attack criteria specified by current configuration, it will be counted in this statisitic. This attribute records the IPinUDP Teredo Tunnel attempt attack p…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.55`
jnxJsScreenMonIpTunnelBadInnerHeader When an IP Tunnel Bad Inner Header packet meets the attack criteria specified by current configuration, it will be counted in this statisitic. This attribute records the IP Tunnel Bad Inner Header attemp…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.56`
jnxJsScreenMonIpTunnelIpIp6to4relay When an IP Tunnel IPinIP 6to4 relay packet meets the attack criteria specified by current configuration, it will be counted in this statisitic. This attribute records the IP Tunnel IPinIP 6to4 relay atte…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.57`
jnxJsScreenMonIpTunnelIpIp6in4 When an IP Tunnel IPinIP 6in4 packet meets the attack criteria specified by current configuration, it will be counted in this statisitic. This attribute records the IP Tunnel IPinIP 6in4 attempt attack p…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.58`
jnxJsScreenMonIpTunnelIpIp6over4 When an IP Tunnel IPinIP 6over4 packet meets the attack criteria specified by current configuration, it will be counted in this statisitic. This attribute records the IP Tunnel IPinIP 6over4 attempt atta…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.59`
jnxJsScreenMonIpTunnelIpIp4in6 When an IP Tunnel IPinIP 4in6 packet meets the attack criteria specified by current configuration, it will be counted in this statisitic. This attribute records the IP Tunnel IPinIP 4in6 attempt attack p…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.60`
jnxJsScreenMonIpTunnelIpIp4in4 When an IP Tunnel IPinIP 4in4 packet meets the attack criteria specified by current configuration, it will be counted in this statisitic. This attribute records the IP Tunnel IPinIP 4in4 attempt attack p…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.61`
jnxJsScreenMonIpTunnelIpIp6in6 When an IP Tunnel IPinIP 6in6 packet meets the attack criteria specified by current configuration, it will be counted in this statisitic. This attribute records the IP Tunnel IPinIP 6in6 attempt attack p…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.62`
jnxJsScreenMonIpTunnelIpIpIsatap When an IP Tunnel IPinIP ISATAP packet meets the attack criteria specified by current configuration, it will be counted in this statisitic. This attribute records the IP Tunnel IPinIP ISATAP attempt atta…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.63`
jnxJsScreenMonIpTunnelIpIpDsLite When an IP Tunnel IPinIP DS-Lite packet meets the attack criteria specified by current configuration, it will be counted in this statisitic. This attribute records the IP Tunnel IPinIP DS-Lite attempt at…	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.64`

jnxJsScreenMonThreshTable

table

.1.3.6.1.4.1.2636.3.39.1.8.1.1.2 · 1 row entry · 6 columns

Open in standard view

This table is a read-only table that augments the
jnxJsScreenMonTable.  The purpose of this table is
to keep threshold and counter information about
Syn Flood and Session Limit.

jnxJsScreenMonThreshEntry entry .1.3.6.1.4.1.2636.3.39.1.8.1.1.2.1

Syn Flood and Session Limit thresholds and counts.

Indexes

No indexes recorded

Column	Syntax	OID
jnxJsScreenSynFloodSrcThresh The number of SYN segments received per second from a single source IP - regardless of the destination IP address and port number - before the security device begins dropping connection requests from that source.	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.2.1.1`
jnxJsScreenSynFloodDstThresh The number of SYN segments received per second from a single destination IP address before the security device begins dropping connection requests to that destination. If a protected host runs multiple services, you mig…	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.2.1.2`
jnxJsScreenSessLimitSrcThresh The security device can impose a limit on the number of SYN segments permitted from a single source IP address.	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.2.1.3`
jnxJsScreenSessLimitDstThresh The security device can impose a limit on the number of SYN segments permitted to a single destination IP address.	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.2.1.4`
jnxJsScreenMonSynFloodSrc The number of concurrent sessions from the same source IP address.	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.2.1.5`
jnxJsScreenMonSynFloodDst The number of concurrent sessions to the same destination IP address.	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.2.1.6`

jnxJsScreenSweepTable

table

.1.3.6.1.4.1.2636.3.39.1.8.1.1.3 · 1 row entry · 4 columns

Open in standard view

This table is a read-only table that augments the
jnxJsScreenMonTable. The purpose of this table is
to add counters and thresholds for TCP/UDP sweep
feature.

jnxJsScreenSweepEntry entry .1.3.6.1.4.1.2636.3.39.1.8.1.1.3.1

TCP/UDP sweep thresholds and counters.

Indexes

No indexes recorded

Column	Syntax	OID
jnxJsScreenTcpSweepThresh The TCP sweep threshold interval is in microseconds. The default threshold value is 5000. The valid threshold range is 1000-1000000. By using the default settings, if a remote host initiates TCP con…	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.3.1.1`
jnxJsScreenUdpSweepThresh The UDP sweep threshold interval is in microseconds. The default threshold value is 5000. The valid threshold range is 1000-1000000. By using the default settings, if a remote host has UDP connection…	SNMPv2-SMIInteger32 Textual Convention: SNMPv2-SMIInteger32 `Integer32` Type Constraints: `range: -2147483648..2147483647`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.3.1.2`
jnxJsScreenMonTcpSweep The number of TCP sessions dropped due to TCP sweeping attack.	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.3.1.3`
jnxJsScreenMonUdpSweep The number of UDP packets dropped due to UDP sweeping attack.	SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 `Unsigned64` Type Constraints: `range: 0..18446744073709551615`	`.1.3.6.1.4.1.2636.3.39.1.8.1.1.3.1.4`