[j-nsp] netflow/Tracking DDoS
Christopher Morrow
morrowc at ops-netman.net
Wed Apr 14 21:44:00 EDT 2004
On Apr 14, 2004, at 9:02 PM, Eric Whitehill wrote:
> I have an idea of what /20 the attack is destined for, but I just
> can't prove it. I'd be working on M10's, version 5.7R2.4. I was
> thinking of doing some sort of policy map, but I'm not sure enough on
> how to do it. Should I attempt to do something through firewall? I
> would like to figure out the destination for the
your MX (anything really, 5/10/20/40/160) will filter and log at
line-rate... just drop a simple:
set firewall filter attack term attack then log accept
and apply that on interface(s) facing the customer... Watch the
circular log:
show firewall log
and see what looks like it's getting the most packets. DoS attacks are
nice in that statistically speaking you'll see the attacked destination
pretty quickly in the log! Just add a term before the attack term and
discard the offending traffic :) (oh, and eventually turn off logging)
-Chris
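Added example (not part of Chris's post or of any Juniper tooling): a small script that tallies destinations from the circular log Chris describes, also aggregated to Eric's /20, and emits the set/insert commands for a discard term placed ahead of the log term. The sample log and its column layout (Time, Filter, Action, Interface, Protocol, Src Addr, Dest Addr) are constructed assumptions; the filter name `attack` comes from the post.

```python
import ipaddress
from collections import Counter

# Constructed sample of "show firewall log" output. Column layout is assumed;
# TCP/UDP entries carry ":port" on the address fields, ICMP entries do not.
SAMPLE_LOG = """\
Log :
Time      Filter    Action Interface     Protocol        Src Addr                         Dest Addr
21:40:01  attack    A      so-0/0/0.0    UDP             198.51.100.7:53                  203.0.113.9:33434
21:40:01  attack    A      so-0/0/0.0    ICMP            198.51.100.12                    203.0.113.9
21:40:02  attack    A      so-0/0/0.0    TCP             198.51.100.44:1025               203.0.113.9:80
21:40:02  attack    A      so-0/0/0.0    TCP             192.0.2.200:4312                 203.0.113.40:443
21:40:03  attack    A      so-0/0/0.0    UDP             198.51.100.91:1434               203.0.113.9:1434
"""


def strip_port(addr):
    """Drop a trailing ':port' from an IPv4 'addr:port' field."""
    return addr.rsplit(":", 1)[0] if ":" in addr else addr


def parse_firewall_log(text):
    """Yield (filter, action, proto, src, dst) per entry; skip header lines."""
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly seven whitespace-separated fields.
        if len(fields) != 7 or fields[0] in ("Log", "Time"):
            continue
        _time, flt, action, _iface, proto, src, dst = fields
        yield flt, action, proto, strip_port(src), strip_port(dst)


def top_destinations(text, prefixlen=32, n=3):
    """Count logged packets per destination, aggregated to /prefixlen."""
    counts = Counter()
    for _flt, _act, _proto, _src, dst in parse_firewall_log(text):
        net = ipaddress.ip_network(f"{dst}/{prefixlen}", strict=False)
        counts[str(net)] += 1
    return counts.most_common(n)


def discard_term_config(filter_name, victim, before_term):
    """Junos commands for a discard term inserted ahead of the logging term."""
    term = "drop-" + victim.replace("/", "_").replace(".", "-")
    return [
        f"set firewall filter {filter_name} term {term} from destination-address {victim}",
        f"set firewall filter {filter_name} term {term} then discard",
        f"insert firewall filter {filter_name} term {term} before term {before_term}",
    ]


if __name__ == "__main__":
    victim, hits = top_destinations(SAMPLE_LOG)[0]
    print(f"most-hit destination: {victim} ({hits} packets)")
    print("\n".join(discard_term_config("attack", victim, "attack")))
```

Run against a pasted `show firewall log` instead of SAMPLE_LOG; the /20 view (`prefixlen=20`) confirms whether the traffic really lands in the block Eric suspects before a /32 term is inserted.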