We are facing the exact same thing with MX80.

Sent from my iPhone

James Jun <ja...@towardex.com> wrote (10 Apr 2017 09:14):

> Hello Folks,
>
> We had a strange DoS attack against a customer attached to an MX104 router that caused the device to completely stop forwarding all legitimate traffic (routing protocols, both IGP and BGP, timed out across all adjacencies and sessions).
>
> The attack traffic was roughly 5.9 Gbps and 9.5 million packets per second, mostly a mix of TCP SYN and non-init frags, etc. It was coming from a single source IP, but targeting random IPv4 addresses inside a directly attached customer /23, where many of the destination targets were unused addresses on the customer's network (no ARP entry).
>
> During the event, I saw the IPv4-unclassified protocol group getting rate limited by ddos-protection, where the aggregate policer kicked in at 858k pps:
>
>      Received:  5659052312          Arrival rate:     1 pps
>      Dropped:   5641705949          Max arrival rate: 858556 pps
>
>
> Does the tripping of the IPv4-unclassified policer impact any control-plane traffic on the router that may have caused it to drop routing protocols?
>
> Aside from ARP sponging out unused addresses, are there any best practices for MX routers to better protect the device against attacks targeting unused IPs on directly attached subnets? Given that first-gen Trio on this box should be able to handle 55 Mpps, it seems like this is odd or ddos-protection is policing something that it shouldn't have. The customer port is 1GE on a 20x1G MIC card behind the QX chip side, but we're not doing any queueing on the box.
>
>
> Thanks,
> James
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
Cahit Eyügünlü
SPDNET A.Ş
+908508409773
75.Yıl Mahallesi 5301 Sokak No:24/A Yunusemre/MANİSA
https://www.spd.net.tr/
mailto:cahit.eyigu...@spd.net.tr
https://twitter.com/NetSpd
https://www.facebook.com/SpdNetTR/


This e-mail is private to the addressee and may contain confidential information. If this e-mail has reached you by mistake, do not use its contents in any way and do not open the attached files. This e-mail has been scanned for viruses by anti-virus systems. However, SPDNET does not guarantee that this e-mail, even though it is checked by virus protection systems, is free of viruses, and accepts no liability for any damages that may arise.
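As an added example (written for this page, not code from the thread or from Juniper), a small Python parser over constructed ddos-protection counter text laid out like the two lines James quoted, flagging protocol groups whose aggregate policer dropped a meaningful share of what it received. The "Protocol Group:" header line, the sample counters for ARP and OSPF, and the thresholds are assumptions; the real `show ddos-protection` output carries more fields.

```python
import re
from dataclasses import dataclass

# Constructed sample, loosely modelled on the two counter lines quoted in the
# thread; the group header and the ARP/OSPF figures are invented for illustration.
SAMPLE = """\
Protocol Group: IPv4-Unclassified
      Received:  5659052312          Arrival rate:     1 pps
      Dropped:   5641705949          Max arrival rate: 858556 pps
Protocol Group: ARP
      Received:  1203345             Arrival rate:     12 pps
      Dropped:   0                   Max arrival rate: 940 pps
Protocol Group: OSPF
      Received:  88120               Arrival rate:     3 pps
      Dropped:   41                  Max arrival rate: 1200 pps
"""

@dataclass
class PolicerStats:
    group: str
    received: int
    dropped: int
    max_rate_pps: int

    @property
    def drop_ratio(self) -> float:
        # Share of received packets the policer discarded (0 when nothing arrived)
        return self.dropped / self.received if self.received else 0.0

GROUP_RE = re.compile(r"^Protocol Group:\s*(\S+)")
RECV_RE = re.compile(r"Received:\s*(\d+)")
DROP_RE = re.compile(r"Dropped:\s*(\d+)\s+Max arrival rate:\s*(\d+)\s*pps")

def parse_stats(text: str) -> list:
    """Open a record at each 'Protocol Group:' header and close it on the Dropped line."""
    results, cur = [], None
    for line in text.splitlines():
        if (m := GROUP_RE.match(line)):
            cur = {"group": m.group(1)}
        elif cur is not None and (m := RECV_RE.search(line)):
            cur["received"] = int(m.group(1))
        elif cur is not None and (m := DROP_RE.search(line)):
            cur["dropped"], cur["max_rate_pps"] = int(m.group(1)), int(m.group(2))
            results.append(PolicerStats(**cur))
            cur = None
    return results

def flag_violations(stats, drop_ratio_threshold=0.01, min_dropped=1000):
    """Groups whose policer dropped a meaningful share: ARP drops nothing, OSPF too little."""
    return [s.group for s in stats
            if s.dropped >= min_dropped and s.drop_ratio >= drop_ratio_threshold]
```

Run periodically against the saved CLI output, a group like IPv4-Unclassified that suddenly shows up in the flagged list is the signal to correlate with adjacency and session drops.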