Hello all,
I am having a dos attack from one of my Transit providers.
I already have a bogon filter on the router.
I have also tried a blackhole with a bgp community.
The attack still seem to be on.
My config below:
protocols {
bgp {
group {
type external;
Hello,
the question is: What do you want to do?
a) Filter the attacked IP (your IP) by your ISP in terms of blackhole
community. Does your ISP offer this?
If they do you need to announce them this single IP address (/32) with
their community set.
b) You can filter the attack on the interfaces
You should set the firewall filter on interface to your transit to dropped the
packet.
-Original Message-
From: kwarteng kwart...@myzipnet.com
Sender: juniper-nsp-boun...@puck.nether.net
Date: Tue, 5 Apr 2011 13:00:47
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] mitigating dos attack
Networks) [mailto:j...@probe-networks.de]
Sent: Tuesday, April 05, 2011 1:36 PM
To: kwarteng
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] mitigating dos attack on Juniper M10i
Hello,
the question is: What do you want to do?
a) Filter the attacked IP (your IP) by your ISP in terms
customers.
Any help please
Emmanuel
-Original Message-
From: Jonas Frey (Probe Networks) [mailto:j...@probe-networks.de]
Sent: Tuesday, April 05, 2011 1:36 PM
To: kwarteng
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] mitigating dos attack on Juniper M10i
Hello
-Original Message-
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-
boun...@puck.nether.net] On Behalf Of imu...@gmail.com
Sent: Tuesday, April 05, 2011 10:04 AM
To: juniper-nsp-boun...@puck.nether.net; juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] mitigating dos
of the attack has already been done by the time the traffic reaches
your filters.
jms
-Original Message-
From: kwarteng kwart...@myzipnet.com
Sender: juniper-nsp-boun...@puck.nether.net
Date: Tue, 5 Apr 2011 13:00:47
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] mitigating dos attack
-Original Message-
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-
boun...@puck.nether.net] On Behalf Of kwarteng
Sent: Tuesday, April 05, 2011 10:08 AM
To: 'Jonas Frey (Probe Networks)'
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] mitigating dos attack
)
(319) 329-8578 (mobile)
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Giuliano Medalha
Sent: Tuesday, April 05, 2011 10:53 AM
To: Stefan Fouant
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] mitigating dos
-Original Message-
From: Giuliano Medalha [mailto:giuli...@wztech.com.br]
Sent: Tuesday, April 05, 2011 11:53 AM
To: Stefan Fouant
Cc: kwarteng; Jonas Frey (Probe Networks); juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] mitigating dos attack on Juniper M10i
You can create a RE
dos attack on Juniper M10i
Without flow visibility, one way to accomplish this and determine the
IP
under attack is to use something called Prefix-Specific Counters.
Something
along the following lines should help you to narrow it down. Insert
term 1
into the appropriate location
[edit
: Jonas Frey (Probe Networks); juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] mitigating dos attack on Juniper M10i
It depends on just how bad the attack is.
If you can't identify the major sources with something like netflow/cflow,
you might be able to identify the target. I suggest popping
Is firewall filter SAMPLER or BLOCK-FROM-INTERNET doing any type of then
accept on the remainder traffic?
If so, an accept is a terminating action, and no other filters (even
filter-chains) are evaluated; hence filter all is never called.
- Chris.
On 2011-04-06, at 7:32 AM, kwarteng wrote:
: OBrien, Will [mailto:obri...@missouri.edu]
Sent: Tuesday, April 05, 2011 2:24 PM
To: kwarteng
Cc: Jonas Frey (Probe Networks); juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] mitigating dos attack on Juniper M10i
It depends on just how bad the attack is.
If you can't identify the major
-Original Message-
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-
boun...@puck.nether.net] On Behalf Of Jonas Frey (Probe Networks)
Sent: Tuesday, April 05, 2011 10:24 PM
To: kwarteng
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] mitigating dos attack
15 matches
Mail list logo