[j-nsp] SRX3600 Problem

Phil Mayers p.mayers at imperial.ac.uk
Wed Apr 22 08:44:03 EDT 2015

On 22/04/15 13:20, Farrukh Haroon wrote:
> Hi Cahit
> Your assumption about the order of operations seems to be wrong. If the
> screen is before the filter, then how come the pings are blocked before
> you start your attack script? Since your initial pings are blocked this
> means the filter is working (at least during normal loads)......
> It is more likely that your are either hitting a bug or the box is
> incapable of the DOS generated from your script (which is running on a
> high speed LAN network) and packets are getting slipped/missed from the
> filter and leaking to the screen check...

Cahit sent me some information off-list which I encouraged him to 
re-post here so others can contribute.

 From what I understand, they're finding the screen options are not 
working, presumably because it's a DDoS and there are too many sources 
for source-based to work; and destination-based of course blocks the 
target victim.

As such, they're trying to use IDS/IDP rules to block the traffic, but 
the box is falling over under the load.

Cahit, is this correct?

We've reached the limits of my experience; it sounds like a big DDoS, 
and stateful filtering may not be able to handle the load. It's probably 
a question for JTAC.


More information about the juniper-nsp mailing list