[j-nsp] DDOS_PROTOCOL_VIOLATION_SET: Protocol Reject:aggregate

Sebastian Wiesinger juniper-nsp at ml.karotte.org
Mon Dec 15 09:14:04 EST 2014


* Brendan Mannella <bmannella at teraswitch.com> [2014-12-10 23:18]:
> Just wondering if anyone has ever seen these DDOS messages before and
> what i should be looking at to resolve.
> 
> Dec 10 11:10:24  re0.edge2 jddosd[2710]:
> DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
> to normal. Violated at fpc 1 for 931 times, from 2014-12-10 11:05:23
> EST to 2014-12-10 11:05:23 EST

If you have firewall filters, try to change "reject" actions to
"discard". The router is flooded with packets for which he is
configured to send a TCP Reset or ICMP error message back.

Regards

Sebastian


-- 
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
            -- Terry Pratchett, The Fifth Elephant


More information about the juniper-nsp mailing list