On Saturday, September 03, 2011 09:18:51 PM Richard A Steenbergen wrote:
> 2) EX lo0 filters don't actually work correctly for DoS
> prevention, they get applied *AFTER* the packets have
> already destroyed the RE, and thus are completely
> ineffective at defending the boxes from attack. The only
On Fri, Sep 02, 2011 at 02:37:11PM -0400, Mark Kamichoff wrote:
>
> I'm not an EX guru, but I believe the same concepts can be applied.
With the caveats that:
1) lo0 filters *WILL* (quite incorrectly) match data plane exception
packets that get punted to the RE for further processing as well, s
Hi Matthew -
On Fri, Sep 02, 2011 at 02:28:03PM -0400, Matthew S. Crocker wrote:
> What is the recommend/preferred way to secure the SSH & Web access to
> a piece of JunOS gear? I have a couple routers (MX80) and switches
> (EX4200) that are remote. Can I attach packet filters to the system
> s
You can use a firewall filter to avoid or to permit the correct ip
address to your gear.
There is a good document at Juniper web site explaining how you can do
that (best practices) ... beside others:
http://www.cymru.com/gillsr/documents/junos-template.pdf
http://www.juniper.net/us/en/commu
What is the recommend/preferred way to secure the SSH & Web access to a piece
of JunOS gear? I have a couple routers (MX80) and switches (EX4200) that are
remote. Can I attach packet filters to the system services (HTTP,SSH)? Do I
attach the packet filter to the lo0 interface?
Thanks
-Mat
5 matches
Mail list logo