Netflow/jflow should be useful to you. http://kb.juniper.net/InfoCenter/index?page=content&id=KB12512
Have a look at some free collectors that will analyze the output, or consider Juniper STRM if you are running firewalling on the box too. > > I am currently using a pair of J2350 exporting about 200+ /32 BGP > > route to my peer, and I'm been hit by DDOS several times, the hardest > > part for me is to figure out which IP was getting the DDOS and > > deactivate that route, which will de-announce that route to my peer. > > > > However I have no established method right now to figure out which IP > > is getting DDOSed, so I am hoping somebody can pass along some > > sampling or dump method to quickly identify toublesome dst ip. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp