[j-nsp] SRX3600 Problem

Farrukh Haroon farrukhharoon at gmail.com
Wed Apr 22 08:20:09 EDT 2015


Hi Cahit

Your assumption about the order of operations seems to be wrong. If the
screen is before the filter, then how come the pings are blocked before you
start your attack script? Since your initial pings are blocked this means
the filter is working (at least during normal loads)......

It is more likely that your are either hitting a bug or the box is
incapable of the DOS generated from your script (which is running on a high
speed LAN network) and packets are getting slipped/missed from the filter
and leaking to the screen check...

Regards
Farrukh





On Wed, Apr 22, 2015 at 1:50 PM, Phil Mayers <p.mayers at imperial.ac.uk>
wrote:

> On 21/04/15 17:22, Cahit Eyigünlü wrote:
>
>> We are getting a spoofed ip syn attack. When attack starts and over
>> 100K pps our SRX3600 was losting the connection. And we check the
>> status of the device over the Serial connection. But we could not
>> determine why it has been dropped the connection
>>
>
> What is "the connection" here? I don't understand your problem.
>
> If you don't have "screen" protections enabled then yes, 100kpps of
> spoofed syn will knock the box over.
>
> See for example:
>
>
> http://www.juniper.net/documentation/en_US/junos12.1/topics/concept/denial-of-service-network-syn-cookie-protection-understanding.html
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list