[j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread kwarteng
Hello all, I am having a dos attack from one of my Transit providers. I already have a bogon filter on the router. I have also tried a blackhole with a bgp community. The attack still seem to be on. My config below: protocols { bgp { group { type external;

Re: [j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread Jonas Frey (Probe Networks)
Hello, the question is: What do you want to do? a) Filter the attacked IP (your IP) by your ISP in terms of blackhole community. Does your ISP offer this? If they do you need to announce them this single IP address (/32) with their community set. b) You can filter the attack on the interfaces

Re: [j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread imutsu
You should set the firewall filter on interface to your transit to dropped the packet. -Original Message- From: kwarteng kwart...@myzipnet.com Sender: juniper-nsp-boun...@puck.nether.net Date: Tue, 5 Apr 2011 13:00:47 To: juniper-nsp@puck.nether.net Subject: [j-nsp] mitigating dos attack

Re: [j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread kwarteng
Networks) [mailto:j...@probe-networks.de] Sent: Tuesday, April 05, 2011 1:36 PM To: kwarteng Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] mitigating dos attack on Juniper M10i Hello, the question is: What do you want to do? a) Filter the attacked IP (your IP) by your ISP in terms

Re: [j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread OBrien, Will
customers. Any help please Emmanuel -Original Message- From: Jonas Frey (Probe Networks) [mailto:j...@probe-networks.de] Sent: Tuesday, April 05, 2011 1:36 PM To: kwarteng Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] mitigating dos attack on Juniper M10i Hello

Re: [j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread Stefan Fouant
-Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp- boun...@puck.nether.net] On Behalf Of imu...@gmail.com Sent: Tuesday, April 05, 2011 10:04 AM To: juniper-nsp-boun...@puck.nether.net; juniper-nsp@puck.nether.net Subject: Re: [j-nsp] mitigating dos

Re: [j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread Justin M. Streiner
of the attack has already been done by the time the traffic reaches your filters. jms -Original Message- From: kwarteng kwart...@myzipnet.com Sender: juniper-nsp-boun...@puck.nether.net Date: Tue, 5 Apr 2011 13:00:47 To: juniper-nsp@puck.nether.net Subject: [j-nsp] mitigating dos attack

Re: [j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread Stefan Fouant
-Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp- boun...@puck.nether.net] On Behalf Of kwarteng Sent: Tuesday, April 05, 2011 10:08 AM To: 'Jonas Frey (Probe Networks)' Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] mitigating dos attack

Re: [j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread Jensen Tyler
) (319) 329-8578 (mobile) -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Giuliano Medalha Sent: Tuesday, April 05, 2011 10:53 AM To: Stefan Fouant Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] mitigating dos

Re: [j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread Stefan Fouant
-Original Message- From: Giuliano Medalha [mailto:giuli...@wztech.com.br] Sent: Tuesday, April 05, 2011 11:53 AM To: Stefan Fouant Cc: kwarteng; Jonas Frey (Probe Networks); juniper-nsp@puck.nether.net Subject: Re: [j-nsp] mitigating dos attack on Juniper M10i You can create a RE

Re: [j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread Stefan Fouant
dos attack on Juniper M10i Without flow visibility, one way to accomplish this and determine the IP under attack is to use something called Prefix-Specific Counters. Something along the following lines should help you to narrow it down. Insert term 1 into the appropriate location [edit

Re: [j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread kwarteng
: Jonas Frey (Probe Networks); juniper-nsp@puck.nether.net Subject: Re: [j-nsp] mitigating dos attack on Juniper M10i It depends on just how bad the attack is. If you can't identify the major sources with something like netflow/cflow, you might be able to identify the target. I suggest popping

Re: [j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread Chris Kawchuk
Is firewall filter SAMPLER or BLOCK-FROM-INTERNET doing any type of then accept on the remainder traffic? If so, an accept is a terminating action, and no other filters (even filter-chains) are evaluated; hence filter all is never called. - Chris. On 2011-04-06, at 7:32 AM, kwarteng wrote:

Re: [j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread Jonas Frey (Probe Networks)
: OBrien, Will [mailto:obri...@missouri.edu] Sent: Tuesday, April 05, 2011 2:24 PM To: kwarteng Cc: Jonas Frey (Probe Networks); juniper-nsp@puck.nether.net Subject: Re: [j-nsp] mitigating dos attack on Juniper M10i It depends on just how bad the attack is. If you can't identify the major

Re: [j-nsp] mitigating dos attack on Juniper M10i

2011-04-05 Thread Stefan Fouant
-Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp- boun...@puck.nether.net] On Behalf Of Jonas Frey (Probe Networks) Sent: Tuesday, April 05, 2011 10:24 PM To: kwarteng Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] mitigating dos attack