[j-nsp] DDoS protection for J-series and SRX

Mark Kamichoff prox at prolixium.com
Thu Apr 11 10:31:34 EDT 2013


On Thu, Apr 11, 2013 at 10:57:55AM +0200, James Howlett wrote:
> I have a small network with J6350 as a border router (BGP) and two
> SRX240H in a cluster.  Since few days my network is a victim of DDoS
> attacks. Majority of them are high pps count attacks.
> Are there any methods to protect my network against such attacks? My
> J-series can handle quite a lot of pps, but my SRX die after getting
> more than 8000 new sessions per second.
> 
> Is there anything I can do here?

Definitely SCREENs, as other folks have said.

However, in the corner case where you're getting traffic for a
particular service or destination IP that isn't in use (maybe not in
this instance), a quick way of protecting the traffic from hitting the
flow module is to use a firewall filter with a discard action for that
traffic.

Just something to keep in your toolbox..

- Mark

-- 
Mark Kamichoff
prox at prolixium.com
http://www.prolixium.com/
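
The firewall-filter approach suggested in the message above, sketched as a Junos configuration fragment. This is an added example, not configuration from the original post. The filter name, counter names, the address 192.0.2.10/32, UDP port 19 and the interface reth0 are all assumed placeholders to be replaced with the unused destination, the unused service and the actual outside-facing interface.

```junos
/* Added example; all names, addresses and ports below are placeholders. */
firewall {
    family inet {
        filter DROP-UNUSED {
            /* Destination IP with nothing in use behind it. */
            term unused-dst {
                from {
                    destination-address {
                        192.0.2.10/32;
                    }
                }
                then {
                    count unused-dst-drops;
                    discard;
                }
            }
            /* Service that is not offered on any host. */
            term unused-service {
                from {
                    protocol udp;
                    destination-port 19;
                }
                then {
                    count unused-service-drops;
                    discard;
                }
            }
            /* Filters end in an implicit discard, so accept the rest and let it reach the flow module. */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    reth0 {
        unit 0 {
            family inet {
                filter {
                    input DROP-UNUSED;
                }
            }
        }
    }
}
```

After commit, `show firewall filter DROP-UNUSED` displays the two counters, which confirms that the matching packets are being dropped by the filter rather than creating sessions.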