[j-nsp] DDOS_PROTOCOL_VIOLATION on DHCP - and it's not configured?

Saku Ytti saku at ytti.fi
Tue May 5 15:11:20 EDT 2020


Hey Mike,


> May  4 20:47:38  jmx240-fmt2 jddosd[3549]: DDOS_PROTOCOL_VIOLATION_SET:
> Warning: Host-bound traffic for protocol/exception  DHCPv4:bad-packets
> exceeded its allowed bandwidth at fpc 1 for 417 times, started at
> 2020-05-04 20:47:37 PDT

> I almost want to say that, despite config, the router is in fact
> keying into relayed dhcp traffic for some reason. Wondering how I would
> go about more properly diagnosing this problem?

Is it not possible these are DADDR 255.255.255.255, which would be
punted and with specific content could hit DHCPv4:bad-packets? You can
run 'monitor traffic' on the device to try to catch what is being
punted. But you need to figure out which interface in FPC1.

-- 
  ++ytti
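As an added example that is not part of the thread (my own code, not Juniper's), here is a small Python parser for the jddosd DDOS_PROTOCOL_VIOLATION_SET message shape quoted above. It pulls out the protocol/exception pair, the FPC slot and the reported "times" counter, groups repeated messages per FPC and protocol so you can see which slot and which exception keep tripping, and maps the protocol to a pcap-style capture filter you can feed to `monitor traffic` once the FPC's interface is known. The field names, the second log line, the sshd line and the capture-filter table are this example's own constructions; only DHCPv4 is populated in that table, following the broadcast-DHCP hypothesis in the reply.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Message shape taken from the jddosd line quoted in the thread. Group names
# (protocol, exception, fpc, count, started) are this example's own labels.
# \s+ tolerates the double spaces Junos emits before the protocol name.
VIOLATION_RE = re.compile(
    r"DDOS_PROTOCOL_VIOLATION_SET:\s*Warning: Host-bound traffic for protocol/exception\s+"
    r"(?P<protocol>[A-Za-z0-9_-]+):(?P<exception>[A-Za-z0-9_-]+)\s+"
    r"exceeded its allowed bandwidth at fpc\s+(?P<fpc>\d+)\s+for\s+(?P<count>\d+)\s+times,\s+"
    r"started at\s+(?P<started>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [A-Z]+)"
)


@dataclass
class Violation:
    protocol: str
    exception: str
    fpc: int
    count: int
    started: str


# Constructed sample input: line 0 is the thread's message unwrapped onto one
# line, line 1 is a made-up follow-up from the same FPC, line 2 is unrelated noise.
SAMPLE_LOGS: List[str] = [
    "May  4 20:47:38  jmx240-fmt2 jddosd[3549]: DDOS_PROTOCOL_VIOLATION_SET: Warning: "
    "Host-bound traffic for protocol/exception  DHCPv4:bad-packets exceeded its allowed "
    "bandwidth at fpc 1 for 417 times, started at 2020-05-04 20:47:37 PDT",
    "May  4 21:02:11  jmx240-fmt2 jddosd[3549]: DDOS_PROTOCOL_VIOLATION_SET: Warning: "
    "Host-bound traffic for protocol/exception  DHCPv4:bad-packets exceeded its allowed "
    "bandwidth at fpc 1 for 12 times, started at 2020-05-04 21:02:10 PDT",
    "May  4 21:05:00  jmx240-fmt2 sshd[7788]: Accepted publickey for admin from 192.0.2.10",
]

# Capture filters in pcap/BPF syntax, keyed by the DDoS-protection protocol name.
# Only DHCPv4 is filled in, matching the reply's DADDR 255.255.255.255 hypothesis;
# this table is an assumption of the example, not a Junos mapping.
CAPTURE_HINTS: Dict[str, str] = {
    "DHCPv4": "dst host 255.255.255.255 and udp port 67",
}


def parse_violation(line: str) -> Optional[Violation]:
    """Return the parsed violation, or None if the line is not a _SET message."""
    m = VIOLATION_RE.search(line)
    if m is None:
        return None
    return Violation(m["protocol"], m["exception"], int(m["fpc"]),
                     int(m["count"]), m["started"])


def summarize(lines: List[str]) -> Dict[Tuple[int, str, str], Tuple[int, int]]:
    """Group by (fpc, protocol, exception) -> (number of messages, highest 'times' seen).

    The 'times' counter is reported as-is; the example makes no assumption about
    whether jddosd counts per interval or cumulatively, so it keeps the peak
    rather than summing."""
    messages: Counter = Counter()
    peak: Dict[Tuple[int, str, str], int] = {}
    for line in lines:
        v = parse_violation(line)
        if v is None:
            continue
        key = (v.fpc, v.protocol, v.exception)
        messages[key] += 1
        peak[key] = max(peak.get(key, 0), v.count)
    return {k: (messages[k], peak[k]) for k in messages}


def capture_hint(protocol: str) -> Optional[str]:
    """pcap filter to narrow a capture for this protocol, or None if unknown."""
    return CAPTURE_HINTS.get(protocol)


if __name__ == "__main__":
    for (fpc, proto, exc), (n, peak) in summarize(SAMPLE_LOGS).items():
        hint = capture_hint(proto) or "(no filter hint for this protocol)"
        print(f"fpc {fpc} {proto}:{exc}: {n} messages, peak {peak} times; filter: {hint}")
```

The filter string is plain pcap syntax, which is what the `matching` option of `monitor traffic interface <ifname>` accepts; the interface still has to be picked by hand from the FPC the log names, as the reply points out.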