[j-nsp] DOS Attack

Stefan Fouant sfouant at shortestpathfirst.net
Wed Aug 4 11:27:43 EDT 2010


> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> bounces at puck.nether.net] On Behalf Of sherif mostafa
> Sent: Wednesday, August 04, 2010 9:37 AM
> To: fweimer at bfk.de
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] DOS Attack
> 
> Dear Florian,
> 
> This ERX, Administration of router interface 0018.742f.b380 belongs to
> me also, but should I filter all those packet types ??

Sounds like you have a routing loop, perhaps default routes on two neighbors
pointing at each other?  This is what I would suspect when I'm seeing TTL
expirations.   In any event, this error message is just telling you that is
suspects that there is a problem, however are you actually observing poor
performance or is it causing some type of outage or other issue?  241 pps
really isn't that much - it's not what I would consider to be a normal
flooding type of attack...

Stefan Fouant, CISSP, JNCIEx2
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D



More information about the juniper-nsp mailing list