[j-nsp] DDOS_PROTOCOL_VIOLATION on DHCP - and it's not configured?
Saku Ytti
saku at ytti.fi
Tue May 5 15:11:20 EDT 2020
Hey Mike,
> May 4 20:47:38 jmx240-fmt2 jddosd[3549]: DDOS_PROTOCOL_VIOLATION_SET:
> Warning: Host-bound traffic for protocol/exception DHCPv4:bad-packets
> exceeded its allowed bandwidth at fpc 1 for 417 times, started at
> 2020-05-04 20:47:37 PDT
> I almost want to say that, despite config, the router is in fact
> keying into relayed dhcp traffic for some reason. Wondering how I would
> go about more properly diagnosing this problem?
Is it not possible these are DADDR 255.255.255.255, which would be
punted and with specific content could hit DHCPv4:bad-packets. You can
run 'monitor traffic' on the device to try to catch what is being
punted. But you need to figure out which interface in FPC1.
--
++ytti
More information about the juniper-nsp
mailing list