[j-nsp] DDOS_PROTOCOL_VIOLATION_SET: Protocol Reject:aggregate

Chris Morrow morrowc at ops-netman.net
Wed Dec 10 23:45:26 EST 2014



On 12/10/2014 11:21 PM, Giuliano (WZTECH) wrote:
> Chris
> 
> The best option is to disable the feature?
> 

I think it's the best option... Juniper tried to do something 'nice' for
you by setting some low (I think) limits on things you might actually
care to see and deal with elsewhere...

> And about configuring it?
> 
> If you have a protect-re firewall filter applied on loopback... can this be done?
> 

All devices on the public network should have clear policies in place to
protect themselves from the rest of the world. Your Juniper loopback
filter should permit the routing protocols you care about and your
management access... and everything else should be discarded. Cymru's
templates are decent for this, actually.

-chris

> Is it safe?
> 
> Some documents from Juniper showing the best way?
> 
> And about disabling the process?
> 
> Thanks a lot
> 
> 
> 
> Sent from my iPhone
> 
>> On Dec 11, 2014, at 01:20, Chris Morrow <morrowc at ops-netman.net> wrote:
>>
>>
>>
>>> On 12/10/2014 09:54 PM, Wojciech Janiszewski wrote:
>>> Hi,
>>>
>>> Make sure that you have a "discard" next-hop instead of default "reject" in
>>> your aggregate routes.
>>> That should help.
>>
>> ick, that ddos protection stuff in JunOS is broken... you should just
>> disable it:
>> system {
>>    ddos-protection {
>>        global {
>>            disable-routing-engine;
>>            disable-fpc;
>>            disable-logging;
>>        }
>>    }
>> }
>>
>>
>>
>>> 2014-12-10 23:16 GMT+01:00 Brendan Mannella <bmannella at teraswitch.com>:
>>>
>>>> Just wondering if anyone has ever seen these DDOS messages before and
>>>> what I should be looking at to resolve.
>>>>
>>>> Dec 10 11:10:24  re0.edge2 jddosd[2710]:
>>>> DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
>>>> to normal. Violated at fpc 1 for 931 times, from 2014-12-10 11:05:23
>>>> EST to 2014-12-10 11:05:23 EST
>>>>
>>>> Dec 10 11:23:44  re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_SET:
>>>> Protocol Reject:aggregate is violated at fpc 1 for 932 times, started
>>>> at 2014-12-10 11:23:43 EST
>>>>
>>>> Dec 10 11:28:49  re0.edge2 jddosd[2710]:
>>>> DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
>>>> to normal. Violated at fpc 1 for 932 times, from 2014-12-10 11:23:43
>>>> EST to 2014-12-10 11:23:43 EST
>>>>
>>>> Dec 10 12:50:55  re0.edge2 xntpd[2681]: kernel time sync enabled 6001
>>>>
>>>> Dec 10 13:08:00  re0.edge2 xntpd[2681]: kernel time sync enabled 2001
>>>>
>>>> Dec 10 15:01:34  re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_SET:
>>>> Protocol Reject:aggregate is violated at fpc 1 for 933 times, started
>>>> at 2014-12-10 15:01:33 EST
>>>>
>>>> Dec 10 15:06:34  re0.edge2 jddosd[2710]:
>>>> DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
>>>> to normal. Violated at fpc 1 for 933 times, from 2014-12-10 15:01:33
>>>> EST to 2014-12-10 15:01:33 EST
>>>> _______________________________________________
>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
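The thread's three pieces of advice, put together as a worked JunOS configuration. This is an added example, not configuration from anyone in the thread. Addresses use RFC 5737 documentation prefixes, and the names protect-re, bgp-peers, mgmt-hosts and icmp-policer are assumptions. The mechanism behind the log messages is that an aggregate route's default next-hop type is reject, so packets for unused space inside it are punted to generate ICMP unreachables, and jddosd counts that punted traffic as Reject:aggregate; a discard next-hop drops those packets in the forwarding plane with nothing punted.

```junos
/* Added example; names and prefixes are assumptions, not from the thread. */

/* Weak (default): no explicit next-hop type, so this is a reject route.
   Traffic to unused space inside 192.0.2.0/24 is punted to send ICMP
   unreachables, which is what jddosd reports as Reject:aggregate. */
routing-options {
    aggregate {
        route 192.0.2.0/24;
    }
}

/* Corrected: discard silently drops in the forwarding plane. */
routing-options {
    aggregate {
        route 192.0.2.0/24 discard;
    }
}

/* Loopback filter: permit the routing protocols and management access
   you care about, discard everything else. */
policy-options {
    prefix-list bgp-peers {
        198.51.100.1/32;
        198.51.100.2/32;
    }
    prefix-list mgmt-hosts {
        203.0.113.0/28;
    }
}
firewall {
    policer icmp-policer {
        if-exceeding {
            bandwidth-limit 1m;
            burst-size-limit 15k;
        }
        then discard;
    }
    family inet {
        filter protect-re {
            term bgp {
                from {
                    source-prefix-list {
                        bgp-peers;
                    }
                    protocol tcp;
                    port bgp;
                }
                then accept;
            }
            term ospf {
                from {
                    protocol ospf;
                }
                then accept;
            }
            term mgmt {
                from {
                    source-prefix-list {
                        mgmt-hosts;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            term icmp {
                from {
                    protocol icmp;
                }
                then {
                    policer icmp-policer;
                    accept;
                }
            }
            term default {
                then {
                    count protect-re-drop;
                    discard;
                }
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-re;
                }
            }
        }
    }
}
```

The two halves address different things: the discard aggregate stops the punts at their source, while the lo0 filter only governs what reaches the routing engine, so applying the filter alone does not make the Reject:aggregate counters go away. Before committing a filter like this, add terms for replies to sessions the router itself initiates (DNS, NTP, RADIUS/TACACS+, SNMP from your pollers), and use commit confirmed so a mistake in the management term cannot lock you out. If disabling ddos-protection globally is not acceptable in your environment, the per-protocol limits under [edit system ddos-protection protocols] can be raised instead of switching the whole feature off.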
