[j-nsp] dos attacks
Richard A Steenbergen
ras at e-gerbil.net
Tue Apr 22 01:01:17 EDT 2003
On Tue, Apr 22, 2003 at 09:25:51AM +0530, jgrewal wrote:
> Dear All,
>
> Is there any way we can stop dos attacks through juniper routers? Pls
> send me , if anybody have some configurations for stoping at least
> common DOS attacks without overloading routers. This would be great help
> for me as well as other juniper users in fighting DOS attacks....
Besides the usual common sense stuff everyone else will mention:
term synflood {
from {
packet-length 40;
protocol tcp;
tcp-flags syn;
}
then {
count synflood-count;
policer 20m-limit;
loss-priority high;
}
}
http://www.e-gerbil.net/ras/projects/dos/
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the juniper-nsp
mailing list