[j-nsp] TCP SYN attack causing BGP peer down?
Ying Zhang
cynthia_dal at yahoo.ca
Tue Oct 28 15:45:56 EDT 2008
The attack was through the router not against the router. The router has
many BGP peers. And only the peer it went through was dropped. The CPU was
running almost idle during the attack.
Thanks.
----- Original Message -----
From: "Scott Weeks" <surfer at mauigateway.com>
To: <juniper-nsp at puck.nether.net>
Sent: Tuesday, October 28, 2008 3:51 PM
Subject: Re: [j-nsp] TCP SYN attack causing BGP peer down?
>
>
> --- cynthia_dal at yahoo.ca wrote:
> From: ying zhang <cynthia_dal at yahoo.ca>
>
> We experienced a TCP SYN attack from internet today (about 350,000 pps).
> Our internet pipe with ISP is 300Mb/s. The attack caused our BGP peer to
> be tear down. Just wondering why this could happen if our pipe is not
> fully saturated? Shouldn't the BGP packets have the highest priority? Is
> there a way to stop it proactively? We have a Juniper M120.
> -----------------------------------
>
>
>
> Was the attack directed at the router or through it? If it was at the
> router itself, maybe it's because the CPU was at 100% for a long enough
> time to cause the router to drop the session. Is there only one BGP
> session on the router or more? If more, did all sessions drop?
>
> scott
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> -----------------------
> ----------------------
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list