[j-nsp] Best way to detect abnormal traffic without enabling security?

Yucong Sun (叶雨飞) sunyucong at gmail.com
Sat Mar 31 00:50:27 EDT 2012


Hi,

I am currently using a pair of J2350s exporting about 200+ /32 BGP
routes to my peer, and I've been hit by DDoS several times. The hardest
part for me is to figure out which IP was getting the DDoS and
deactivate that route, which will de-announce that route to my peer.

However, I have no established method right now to figure out which IP
is getting DDoSed, so I am hoping somebody can pass along some
sampling or dump method to quickly identify the troublesome dst IP.

Thanks!

