InformationConcurrent Web-Management sessions should be limited
JUNOS Devices can be managed through a powerful Web Management GUI called JWeb.
Operating the JWeb, or any other, management service uses resources on the device's Routing Engine (RE). An attacker may attempt to initialize a large number of management sessions concurrently in order to exhaust resources and achieve a Denial of Service (DoS) attack.
To prevent this the maximum number of concurrent JWeb sessions should be set at 5 or less.
SolutionTo enable Session limits for JWeb issue the following command from the [edit system services web-management] hierarchy;
[edit system services web-management]
[email protected]#set session-limit 5
Varies by platform. For some Branch and SME focused devices, like the SRX300 or EX2300, JWeb is enabled by default. For most larger Enterprise and SP devices JWeb is disabled by default.