[j-nsp] TCP SYN attack causing BGP peer down?

Scott Weeks surfer at mauigateway.com
Tue Oct 28 14:51:01 EDT 2008



--- cynthia_dal at yahoo.ca wrote:
From: ying zhang <cynthia_dal at yahoo.ca>
 
We experienced a TCP SYN attack from internet today (about 350,000 pps). Our internet pipe with ISP is 300Mb/s. The attack caused our BGP peer to be tear down. Just wondering why this could happen if our pipe is not fully saturated? Shouldn't the BGP packets have the highest priority? Is there a way to stop it proactively? We have a Juniper M120. 
-----------------------------------



Was the attack directed at the router or through it?  If it was at the router itself, maybe it's because the CPU was at 100% for a long enough time to cause the router to drop the session.  Is there only one BGP session on the router or more?  If more, did all sessions drop?

scott





























-----------------------
----------------------


More information about the juniper-nsp mailing list