[j-nsp] SRX3600 Problem
Phil Mayers
p.mayers at imperial.ac.uk
Wed Apr 22 08:44:03 EDT 2015
On 22/04/15 13:20, Farrukh Haroon wrote:
> Hi Cahit
>
> Your assumption about the order of operations seems to be wrong. If the
> screen is before the filter, then how come the pings are blocked before
> you start your attack script? Since your initial pings are blocked this
> means the filter is working (at least during normal loads)......
>
> It is more likely that you are either hitting a bug or the box is
> incapable of the DoS generated from your script (which is running on a
> high speed LAN network) and packets are getting slipped/missed from the
> filter and leaking to the screen check...
Cahit sent me some information off-list which I encouraged him to
re-post here so others can contribute.
From what I understand, they're finding the screen options are not
working, presumably because it's a DDoS and there are too many sources
for source-based to work; and destination-based of course blocks the
target victim.
As such, they're trying to use IDS/IDP rules to block the traffic, but
the box is falling over under the load.
Cahit, is this correct?
We've reached the limits of my experience; it sounds like a big DDoS,
and stateful filtering may not be able to handle the load. It's probably
a question for JTAC.
Cheers,
Phil
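For readers unfamiliar with the two screen knobs Phil contrasts above, the following is an added Junos configuration fragment (not posted by anyone in the thread) showing a source-ip-based and a destination-ip-based session limit on the same screen profile, bound to an untrust zone. The profile name, zone name and thresholds are illustrative assumptions, not values from the thread:

```junos
## Added example: session-limit screen options on an SRX.
## "ddos-screen", "untrust" and the numeric thresholds are assumed values.

## Per-source limit: caps concurrent sessions from any single source IP.
## Under a distributed attack each source may stay below this cap, so the
## limit never triggers (the failure mode described in the thread).
set security screen ids-option ddos-screen limit-session source-ip-based 128

## Per-destination limit: caps concurrent sessions to any single destination IP.
## Once the victim's total is exceeded, new sessions to it are dropped,
## legitimate ones included, so this completes the attacker's goal.
set security screen ids-option ddos-screen limit-session destination-ip-based 2048

## Apply the profile to the zone the traffic enters on.
set security zones security-zone untrust screen ddos-screen
```

After committing, `show security screen statistics zone untrust` reports per-screen hit counters, which is the quickest way to confirm whether either limit is actually firing during an event.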