[j-nsp] DDOS_PROTOCOL_VIOLATION on DHCP - and it's not configured?

Mike mike+lists at yourtownonline.com
Tue May 5 14:31:49 EDT 2020


Hello,

    On my MX240, I occasionally get log messages of this type:

May  4 20:47:38  jmx240-fmt2 jddosd[3549]: DDOS_PROTOCOL_VIOLATION_SET:
Warning: Host-bound traffic for protocol/exception  DHCPv4:bad-packets
exceeded its allowed bandwidth at fpc 1 for 417 times, started at
2020-05-04 20:47:37 PDT
May  4 20:52:55  jmx240-fmt2 jddosd[3549]:
DDOS_PROTOCOL_VIOLATION_CLEAR: INFO: Host-bound traffic for
protocol/exception DHCPv4:bad-packets has returned to normal. Its
allowed bandwith was exceeded at fpc 1 for 417 times, from 2020-05-04
20:47:37 PDT to 2020-05-04 20:47:50 PDT

    I have looked at my config, and I am positively not providing dhcp
service of any kind, have no dhcp relay service on the router
configured, and simply fail to see how or why these messages are being
triggered. I do have some virtual hosts that are acting as dhcp servers
for relayed dhcp traffic, but at the point my router sees this traffic
its only udp port 67 traffic being forwarded to these servers from my
far away dhcp clients.

    I almost want to say that, despite config, the router is in fact
keying into relayed dhcp traffic for some reason. Wondering how I would
go about more properly diagnosing this problem?


Thank you.





More information about the juniper-nsp mailing list