HI All,
ScreenOS has an option (see below). Not sure whether this will fix it/patch it or has the same effect. The NSS firewall remediation .pdf stats that for Juniper SRX use the "set security flow tcp-session strict-syn-check" so it appears the same.
-------
from 6.3.0r1.0 release notes
Denial of Service Attack Defenses—ScreenOS 6.3.0 supports the feature of
strict TCP-SYN-check wherein a strict syn check is applied to all the packets in
a TCP three-way-handshake before the three-way handshake completes. Users
can enable this feature by using the set flow tcp-syn-check strict command."
Regards
Tony