[j-nsp] Best way to detect abnormal traffic without enabling security?

Per Granath per.granath at gcc.com.cy
Tue Apr 3 03:15:03 EDT 2012


Netflow/jflow should be useful to you.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB12512

Have a look at some free collectors that will analyze the output, or consider Juniper STRM if you are running firewalling on the box too.


> > I am currently using a pair of J2350 exporting about 200+ /32 BGP
> > routes to my peer, and I've been hit by DDOS several times, the hardest
> > part for me is to figure out which IP was getting the DDOS and
> > deactivate that route, which will de-announce that route to my peer.
> >
> > However I have no established method right now to figure out which IP
> > is getting DDOSed, so I am hoping somebody can pass along some
> > sampling or dump method to quickly identify troublesome dst ip.
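
The flow-based approach suggested in the reply, as an added example that is not part of the original thread: sampled flow records are aggregated per destination IP so the announced /32 absorbing most of the traffic stands out. The CSV columns, addresses, sampling rate, window length and the 50% share threshold are constructed assumptions, not a Juniper or collector export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (one 60 s window). Column names and values
# are assumptions for illustration, not a Juniper or collector export format.
SAMPLE_FLOWS = """src,dst,proto,dport,packets,bytes
198.51.100.7,192.0.2.10,17,53,2,300
198.51.100.9,192.0.2.11,6,443,5,4000
203.0.113.5,192.0.2.25,17,80,300,420000
203.0.113.77,192.0.2.25,17,80,280,392000
203.0.113.140,192.0.2.25,17,80,320,448000
198.51.100.30,192.0.2.25,6,80,3,1800
198.51.100.31,192.0.2.12,6,25,4,2200
"""

def top_destinations(flow_csv, sampling_rate, window_s, announced=None):
    """Aggregate sampled flows per destination IP, heaviest (by bps) first."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        # Optionally restrict to the /32s actually announced to the peer.
        if announced is not None and row["dst"] not in announced:
            continue
        s = stats[row["dst"]]
        s["packets"] += int(row["packets"])
        s["bytes"] += int(row["bytes"])
        s["sources"].add(row["src"])
    report = [
        {"dst": dst,
         # 1-in-N sampling: multiply by N to estimate the real rate.
         "pps": s["packets"] * sampling_rate / window_s,
         "bps": s["bytes"] * 8 * sampling_rate / window_s,
         "sources": len(s["sources"])}
        for dst, s in stats.items()
    ]
    return sorted(report, key=lambda r: r["bps"], reverse=True)

def likely_targets(report, share=0.5):
    """Destinations receiving at least `share` of all estimated traffic."""
    total = sum(r["bps"] for r in report)
    return [r["dst"] for r in report if total and r["bps"] / total >= share]

if __name__ == "__main__":
    report = top_destinations(SAMPLE_FLOWS, sampling_rate=100, window_s=60)
    for r in report:
        print(f'{r["dst"]:<15} {r["pps"]:>10.0f} pps {r["bps"]:>14.0f} bps '
              f'{r["sources"]} sources')
    print("likely target(s):", likely_targets(report))
```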


