On Fri, 16 Oct 2009, Bit Gossip wrote:
https://puck.nether.net/pipermail/juniper-nsp/2009-May/013325.html
...
and only ~4 arp requests received a reply from M7i
which makes roughly ~222 arp-reply/sec
...
My conclusion is that the setting for __default_arp_policer__
are perfectly fine and
This is a very valid point.
I have also verified that if no user-defined policer is applied and only
the internal __default_arp_policer__ is in place, this policer is a
global policer and drops arp-req from any interface if a single
interface is under ARP attack
Another point of having
In reply to (a little bit late :-):
https://puck.nether.net/pipermail/juniper-nsp/2009-May/013325.html
I have done some testing with M7i and Junos 9.5R2 and simulated
ARP-FLOOD attack. No protection on the M7i.
Attack generates ~850 arp requests in 180 secs
which makes roughly 48000
3 matches
Mail list logo