Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: nsp: juniper

Re: Best way to detect abnormal traffic without enabling security?

 

 

nsp juniper RSS feed   Index | Next | Previous | View Threaded


per.granath at gcc

Apr 3, 2012, 12:15 AM

Post #1 of 1 (256 views)
Permalink
Re: Best way to detect abnormal traffic without enabling security?

Netflow/jflow should be useful to you.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB12512

Have a look at some free collectors that will analyze the output, or consider Juniper STRM if you are running firewalling on the box too.


> > I am currently using a pair of J2350 exporting about 200+ /32 BGP
> > route to my peer, and I'm been hit by DDOS several times, the hardest
> > part for me is to figure out which IP was getting the DDOS and
> > deactivate that route, which will de-announce that route to my peer.
> >
> > However I have no established method right now to figure out which IP
> > is getting DDOSed, so I am hoping somebody can pass along some
> > sampling or dump method to quickly identify toublesome dst ip.

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

nsp juniper RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.