[j-nsp] Syslog getting spammed by DDOS_PROTOCOL_VIOLATION_SET
Karl Gerhard
karl_gerh at gmx.at
Tue Nov 21 06:01:32 EST 2017
Hello
our syslog is getting spammed with the following messages:
jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_SET: Protocol resolve:ucast-v4 is violated at fpc 11 for 1389 times
jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol resolve:ucast-v4 has returned to normal. Violated at fpc 11 for 1389 times
What is puzzling is that there is barely any traffic going through that machine (like 5 MBit/s). It seems like those messages are being triggered by random noise from the internet just by announcing a single /18.
Is that normal? Is there a way to gracefully handle those messages (i.e. save them into another file) without losing important information?
Regards
Karl
More information about the juniper-nsp
mailing list