[j-nsp] DOS attack?
Robert Raszuk
robert at raszuk.net
Sun May 17 05:19:56 EDT 2009
Hi Matthias,
> I wonder now, which is the event, that triggered this behaviour? The
> number of ssh-logins at that time or this unexpected EOF?
I would with a good deal of assurance conclude that the cause was an
ssh-login attack which apparently starved the poor box to its memory
limits.
When even your kernel spins a panic message on low memory due to
such an attack, the control plane can exhibit quite unexpected behavior. In my
opinion the end-of-frame BGP message is just a consequence of this.
The advice would be to:
* open a case with JTAC to find out why subsequent ssh-logins cause a
memory leak
* reduce to the very max the rate-limiting for the ssh logins
Cheers,
R.
> Hi!
>
> Last night we had a mysterious behaviour on our router. On a BGP
> connection with Cogent we received an unexpected EOF. There were also a
> great number of SSH logins (we do not have FW rules in place, but we
> have a rate limit). Shortly after, the router complained about low memory
> and a few BGP sessions dropped (obviously the ones which are memory
> exhausting).
>
> I wonder now, which is the event, that triggered this behaviour? The
> number of ssh-logins at that time or this unexpected EOF?
>
> The log of that time:
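
The rate-limiting advice in the reply, sketched as Junos set commands. This is an added example, not configuration from the thread or from either poster; it goes one step beyond the reply by also adding a loopback filter, since the original post notes that no FW rules are in place. The numeric limits, the names MGMT-HOSTS, SSH-POLICER and PROTECT-RE, and the 192.0.2.0/24 management prefix are assumptions to adapt.

```junos
# --- sshd-level limits (assumed values, tune to your operations) ---
# Accept at most 5 new SSH connection attempts per minute
set system services ssh rate-limit 5
# Allow at most 10 concurrent SSH sessions
set system services ssh connection-limit 10
# No direct root logins over SSH
set system services ssh root-login deny
# Drop the session after 3 failed passwords, with growing delay between tries
set system login retry-options tries-before-disconnect 3
set system login retry-options backoff-threshold 1
set system login retry-options backoff-factor 5

# --- control-plane filter: SSH only from management hosts, and policed ---
# 192.0.2.0/24 is a documentation prefix standing in for the real NOC range
set policy-options prefix-list MGMT-HOSTS 192.0.2.0/24
set firewall policer SSH-POLICER if-exceeding bandwidth-limit 1m
set firewall policer SSH-POLICER if-exceeding burst-size-limit 15k
set firewall policer SSH-POLICER then discard

set firewall family inet filter PROTECT-RE term ssh-allow from source-prefix-list MGMT-HOSTS
set firewall family inet filter PROTECT-RE term ssh-allow from protocol tcp
set firewall family inet filter PROTECT-RE term ssh-allow from destination-port ssh
set firewall family inet filter PROTECT-RE term ssh-allow then policer SSH-POLICER
set firewall family inet filter PROTECT-RE term ssh-allow then accept

# Any other source never reaches sshd, so it cannot consume RE memory
set firewall family inet filter PROTECT-RE term ssh-deny from protocol tcp
set firewall family inet filter PROTECT-RE term ssh-deny from destination-port ssh
set firewall family inet filter PROTECT-RE term ssh-deny then discard

# Everything else (BGP, IGP, ICMP, ...) is left untouched by this sketch
set firewall family inet filter PROTECT-RE term default then accept

# Filters on lo0 apply to all traffic destined to the routing engine
set interfaces lo0 unit 0 family inet filter input PROTECT-RE

# Apply with automatic rollback in case the filter locks you out:
#   commit confirmed 5
```

The final accept term keeps existing BGP sessions working while only SSH is restricted; a fuller routing-engine filter would also enumerate BGP peers and other control-plane protocols explicitly.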