[j-nsp] DDoS filters

Jonas Frey (Probe Networks) jf at probe-networks.de
Sun Mar 28 19:56:50 EST 2004


Hi all,

I am looking for a way to filter DDoS targeted at customers. Something
like setting a policy to not accept (drop) any more connections (SYNs and
maybe ICMP traffic) to a specific IP/netblock if a limit is exceeded.
This of course will break new (TCP) connections but the old ones should
remain active which is pretty important.

Regarding a UDP DDoS attack I am not sure what could be done to limit
the impact of this.

Does anyone here have any filters like this in place or deal with a lot
of DDoS attacks daily and have some technique and knowledge he wants to
share (maybe off-list)?

Regards,
Jonas


