[j-nsp] Best way to detect abnormal traffic without enabling security?
Yucong Sun (叶雨飞)
sunyucong at gmail.com
Mon Apr 2 17:32:56 EDT 2012
Bumping...Any help is appreciated!
On Fri, Mar 30, 2012 at 9:50 PM, Yucong Sun (叶雨飞) <sunyucong at gmail.com>wrote:
> Hi,
>
> I am currently using a pair of J2350 exporting about 200+ /32 BGP
> route to my peer, and I'm been hit by DDOS several times, the hardest
> part for me is to figure out which IP was getting the DDOS and
> deactivate that route, which will de-announce that route to my peer.
>
> However I have no established method right now to figure out which IP
> is getting DDOSed, so I am hoping somebody can pass along some
> sampling or dump method to quickly identify toublesome dst ip.
>
> Thanks!
>
More information about the juniper-nsp
mailing list