[j-nsp] TCP SYN attack causing BGP peer down?

Scott Weeks surfer at mauigateway.com
Tue Oct 28 16:05:11 EDT 2008



----- Original Message ----- 
From: "Scott Weeks" <surfer at mauigateway.com>
> --- cynthia_dal at yahoo.ca wrote:
>
> We experienced a TCP SYN attack from the internet today (about 350,000 pps). 
> Our internet pipe with ISP is 300Mb/s. The attack caused our BGP peer to 
> be torn down. Just wondering why this could happen if our pipe is not 
> fully saturated? Shouldn't the BGP packets have the highest priority? Is 
> there a way to stop it proactively? We have a Juniper M120.
> -----------------------------------

>> Was the attack directed at the router or through it?  If it was at the 
>> router itself, maybe it's because the CPU was at 100% for a long enough 
>> time to cause the router to drop the session.  Is there only one BGP 
>> session on the router or more?  If more, did all sessions drop?

--- cynthia_dal at yahoo.ca wrote:
From: "Ying Zhang" <cynthia_dal at yahoo.ca>

The attack was through the router not against the router. The router has 
many BGP peers. And only the peer it went through was dropped. The CPU was 
running almost idle during the attack.
---------------------------------------



Could it have sent the CPU of the upstream router through the roof?

scott

> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp