On 22/04/15 13:20, Farrukh Haroon wrote:
Hi Cahit
Your assumption about the order of operations seems to be wrong. If the
screen is before the filter, then how come the pings are blocked before
you start your attack script? Since your initial pings are blocked, this
means the filter is working (at least during normal loads)...
It is more likely that you are either hitting a bug or the box is
incapable of handling the DoS generated from your script (which is running on a
high-speed LAN network), and packets are getting slipped/missed from the
filter and leaking to the screen check...
Cahit sent me some information off-list which I encouraged him to
re-post here so others can contribute.
From what I understand, they're finding the screen options are not
working, presumably because it's a DDoS and there are too many sources
for source-based to work; and destination-based of course blocks the
target victim.
As such, they're trying to use IDS/IDP rules to block the traffic, but
the box is falling over under the load.
Cahit, is this correct?
We've reached the limits of my experience; it sounds like a big DDoS,
and stateful filtering may not be able to handle the load. It's probably
a question for JTAC.
Cheers,
Phil
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp