[j-nsp] dosProtection
Bernd Goldschmidt
bwg at juniper.net
Wed Feb 21 11:50:56 EST 2007
Hi Andras,
I guess you are using JUNOSe 8-0-x, or?
Suspicious Flow Control (DOS prevention phase 3) was introdced in JUNOSe 8.0 and is turned on by default.
http://www.juniper.net/techpubs/software/erx/junose80/swconfig-system-basics/html/passwords-security-config10.html#1210684
The message shows you, that a lot of packets with TTL=1 reach your box.
http://www.juniper.net/techpubs/software/erx/junose80/swconfig-system-logs/html/event_categories66.html#636773
With Suspicious Flow Control you are able to protect the ERX control plane (in short words).
Gruss
Bernd.
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
> Klenovszki, András
> Sent: Wednesday, February 21, 2007 16:10
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] dosProtection
>
> Hi All,
>
> As I have not too much experience in operating ERX devices I
> would appreciate your help.
> We found log messages like this:
>
> ERROR 02/17/2007 17:38:28 dosProtection: Flow is suspicious:
> GigabitEthernet1/1.52.165206 for control protocol: IP TTL
> Expired current rate
> 151 pps
>
> What does it exactly mean? What kind of traffic can cause
> this behaviour?
> May it cause that certain customer experiences packet drops?
>
> Thanks in advance!
>
> Andras
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list