[j-nsp] Best way to detect abnormal traffic without enabling security?

Mark Radabaugh mark at amplex.net
Sat Sep 8 08:28:20 EDT 2012


My suggestion would be a managed Ethernet switch on whichever side of 
the J2350 that you can put it with a SPAN port to dump traffic to 
Wireshark. It should be fairly easy to spot the offending traffic.

Mark


On 3/31/12 12:50 AM, Yucong Sun (叶雨飞) wrote:
> Hi,
>
> I am currently using a pair of J2350 exporting about 200+ /32 BGP
> routes to my peer, and I've been hit by DDOS several times, the hardest
> part for me is to figure out which IP was getting the DDOS and
> deactivate that route, which will de-announce that route to my peer.
>
> However I have no established method right now to figure out which IP
> is getting DDOSed, so I am hoping somebody can pass along some
> sampling or dump method to quickly identify troublesome dst ip.
>
> Thanks!


-- 
Mark Radabaugh
Amplex

mark at amplex.net  419.837.5015
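
An added example, not part of the original post or thread: one way to answer the "which dst ip" question from a SPAN-port capture without eyeballing it. It assumes the capture was saved as classic pcap (not pcapng) on an Ethernet link, and tallies bytes and packets per IPv4 destination; the sample capture and its addresses are constructed.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# Classic pcap magic numbers (microsecond and nanosecond variants) -> byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def top_destinations(pcap: bytes, n: int = 5):
    """Return [(dst_ip, wire_bytes, packets)] for the n busiest IPv4 destinations."""
    endian = MAGICS.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    nbytes, npkts = Counter(), Counter()
    off = 24
    while off + 16 <= len(pcap):
        _, _, caplen, wirelen = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 14:
            continue
        ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        # Skip 802.1Q / 802.1ad tags, which a SPAN port may leave on the frame.
        while ethertype in (0x8100, 0x88A8) and len(frame) >= l3 + 4:
            ethertype, l3 = struct.unpack("!H", frame[l3 + 2:l3 + 4])[0], l3 + 4
        if ethertype != 0x0800 or len(frame) < l3 + 20:
            continue  # not IPv4, or truncated before the destination address
        dst = str(IPv4Address(frame[l3 + 16:l3 + 20]))
        nbytes[dst] += wirelen   # on-the-wire size, even if the capture was snapped
        npkts[dst] += 1
    return [(ip, b, npkts[ip]) for ip, b in nbytes.most_common(n)]

def sample_capture() -> bytes:
    """Constructed capture: 40 UDP frames to 198.51.100.7, 3 to 198.51.100.9."""
    def frame(dst):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                         IPv4Address("203.0.113.5").packed, IPv4Address(dst).packed)
        return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * 8
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for dst in ["198.51.100.7"] * 40 + ["198.51.100.9"] * 3:
        f = frame(dst)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for ip, b, p in top_destinations(sample_capture()):
        print(f"{ip:15} {b:>8} bytes {p:>6} packets")
```

The address at the top of the list is the candidate /32 to deactivate; with a real capture, pass the file's bytes in place of `sample_capture()`.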


