[j-nsp] Best way to detect abnormal traffic without enabling security?

Yucong Sun (叶雨飞) sunyucong at gmail.com
Tue Apr 3 03:20:45 EDT 2012


But jflow is not going to work in packet mode, right?

On Tue, Apr 3, 2012 at 12:15 AM, Per Granath <per.granath at gcc.com.cy> wrote:
> Netflow/jflow should be useful to you.
>
> http://kb.juniper.net/InfoCenter/index?page=content&id=KB12512
>
> Have a look at some free collectors that will analyze the output, or consider Juniper STRM if you are running firewalling on the box too.
>
>
>> > I am currently using a pair of J2350 exporting about 200+ /32 BGP
>> > routes to my peer, and I've been hit by DDOS several times, the hardest
>> > part for me is to figure out which IP was getting the DDOS and
>> > deactivate that route, which will de-announce that route to my peer.
>> >
>> > However I have no established method right now to figure out which IP
>> > is getting DDOSed, so I am hoping somebody can pass along some
>> > sampling or dump method to quickly identify troublesome dst ip.
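
An added example, not part of the original thread: once flow export is available, the targeted address can be found by aggregating sampled flow records per destination and keeping only the announced /32s. The CSV layout, sampling rate, window length and threshold are assumptions, and the flow records are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed flow records, in a CSV layout assumed for this example
# (a real collector's export format will differ).
SAMPLE_FLOWS = """\
src,dst,proto,packets,bytes
198.51.100.7,203.0.113.10,17,900,1080000
198.51.100.8,203.0.113.10,17,850,1020000
198.51.100.9,203.0.113.10,17,950,1140000
192.0.2.44,203.0.113.11,6,30,24000
192.0.2.45,203.0.113.12,6,12,9000
192.0.2.46,192.0.2.200,6,5000,100
"""

# Constructed stand-ins for the /32s announced over BGP.
ANNOUNCED = {"203.0.113.10", "203.0.113.11", "203.0.113.12"}
SAMPLING_RATE = 100    # assumed 1-in-N packet sampling on the router
WINDOW_SECONDS = 60    # assumed time span covered by the records


def rank_destinations(flow_csv, announced, rate=SAMPLING_RATE, window=WINDOW_SECONDS):
    """Return [(dst, pps, bps, distinct_sources)] for announced /32s, busiest first."""
    pkts, byts, srcs = defaultdict(int), defaultdict(int), defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        dst = str(ipaddress.ip_address(row["dst"].strip()))  # rejects malformed rows
        if dst not in announced:
            continue  # transit or unrelated traffic is not a candidate route
        pkts[dst] += int(row["packets"])
        byts[dst] += int(row["bytes"])
        srcs[dst].add(row["src"].strip())
    ranked = [
        (d, pkts[d] * rate / window, byts[d] * 8 * rate / window, len(srcs[d]))
        for d in pkts
    ]  # sampled counters are scaled back up by the sampling rate
    return sorted(ranked, key=lambda r: r[1], reverse=True)


def suspects(ranked, pps_threshold):
    """Destinations whose estimated packet rate meets the threshold."""
    return [dst for dst, pps, _bps, _n in ranked if pps >= pps_threshold]


if __name__ == "__main__":
    for dst, pps, bps, n in rank_destinations(SAMPLE_FLOWS, ANNOUNCED):
        print(f"{dst:15} {pps:10.0f} pps {bps / 1e6:8.2f} Mbit/s {n} sources")
```

The threshold should come from each address's normal baseline rather than a fixed number; the output identifies which announced route to consider deactivating.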


