Additionally Netflow/jflow sampling would provide a greater level of insight.
Careful with the sampling rate, however, as you don't want to make the DDoS
worse...
There are lots of free and paid products that will analyze jflow. Juniper sells
a Q1 Labs product they call STRM. It does a great job.
My suggestion would be a managed Ethernet switch on whichever side of
the J2350 that you can put it with a SPAN port to dump traffic to
Wireshark. It should be fairly easy to spot the offending traffic.
Mark
On 3/31/12 12:50 AM, Yucong Sun (叶雨飞) wrote:
Hi,
I am currently using a pair of J23
On Tue, Apr 3, 2012 at 12:20 AM, Yucong Sun (叶雨飞) wrote:
> But jflow is not going to work in packet mode, right?
Netflow-like reporting is probably the right way to detect these types
of anomalies in a scalable manner. However, I can't speak to the
performance of it on J-series. I'm guessing that
I do not see why it would not work in packet mode.
It works on the routing platforms (MX, etc.) that do not support "flow mode".
> But jflow is not going to work in packet mode, right?
>
> On Tue, Apr 3, 2012 at 12:15 AM, Per Granath
> wrote:
> > Netflow/jflow should be useful to you.
But jflow is not going to work in packet mode, right?
On Tue, Apr 3, 2012 at 12:15 AM, Per Granath wrote:
> Netflow/jflow should be useful to you.
>
> http://kb.juniper.net/InfoCenter/index?page=content&id=KB12512
>
> Have a look at some free collectors that will analyze the output, or consider
Netflow/jflow should be useful to you.
http://kb.juniper.net/InfoCenter/index?page=content&id=KB12512
Have a look at some free collectors that will analyze the output, or consider
Juniper STRM if you are running firewalling on the box too.
> > I am currently using a pair of J2350 exporting abo
Bumping...Any help is appreciated!
On Fri, Mar 30, 2012 at 9:50 PM, Yucong Sun (叶雨飞) wrote:
> Hi,
>
> I am currently using a pair of J2350 exporting about 200+ /32 BGP
> routes to my peer, and I've been hit by DDOS several times, the hardest
> part for me is to figure out which IP was getting the
Hi,
I am currently using a pair of J2350 exporting about 200+ /32 BGP
routes to my peer, and I've been hit by DDOS several times, the hardest
part for me is to figure out which IP was getting the DDOS and
deactivate that route, which will de-announce that route to my peer.
However I have no establ