[j-nsp] Syslog getting spammed by DDOS_PROTOCOL_VIOLATION_SET

Luis Balbinot luis at luisbalbinot.com
Tue Nov 21 07:12:16 EST 2017


Most likely spoofed traffic or you don't have full tables or a default
route. A /18 will pull a lot of unwanted traffic.

The DDoS protection factory defaults are very low in some cases. The
Juniper MX Series book has a nice chapter on that.

On Tue, 21 Nov 2017 at 09:02 Karl Gerhard <karl_gerh at gmx.at> wrote:

> Hello
>
> our syslog is getting spammed with the following messages:
> jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_SET: Protocol
> resolve:ucast-v4 is violated at fpc 11 for 1389 times
> jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol
> resolve:ucast-v4 has returned to normal. Violated at fpc 11 for 1389 times
>
> What is puzzling is that there is barely any traffic going through that
> machine (like 5 MBit/s). It seems like those messages are being triggered
> by random noise from the internet just by announcing a single /18.
>
> Is that normal? Is there a way to gracefully handle those messages (i.e.
> save them into another file) without losing important information?
>
> Regards
> Karl
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list