per.granath at gcc
Apr 3, 2012, 12:15 AM
Post #1 of 1
Re: Best way to detect abnormal traffic without enabling security?
Netflow/jflow should be useful to you. Have a look at some free collectors that will analyze the output, or consider Juniper STRM if you are running firewalling on the box too.
> > I am currently using a pair of J2350 exporting about 200+ /32 BGP
> > routes to my peer, and I've been hit by DDOS several times, the hardest
> > part for me is to figure out which IP was getting the DDOS and
> > deactivate that route, which will de-announce that route to my peer.
> > However I have no established method right now to figure out which IP
> > is getting DDOSed, so I am hoping somebody can pass along some
> > sampling or dump method to quickly identify troublesome dst ip.
juniper-nsp mailing list juniper-nsp [at] puck
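What a collector does with the flow export suggested in the reply, as an added example that is not part of the original post: it parses NetFlow v5 datagrams (the classic fixed-layout export format) and ranks destination addresses by sampled packet count, which is how the attacked /32 stands out. The helper names, the sample addresses (documentation ranges) and the 1-in-100 sampling rate are assumptions made for the illustration.

```python
import socket
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Yield (dst_ip, packets, octets) per flow, scaled by the sampling interval."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, *_unused, sampling = HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram")
    # Assumption: the exporter fills in the header's sampling field
    # (low 14 bits = interval); 0 is treated as unsampled.
    scale = (sampling & 0x3FFF) or 1
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        yield socket.inet_ntoa(f[1]), f[5] * scale, f[6] * scale

def top_destinations(datagrams, n=5):
    """Rank destination IPs by estimated packets across all datagrams."""
    totals = defaultdict(lambda: [0, 0])
    for d in datagrams:
        for dst, pkts, octets in parse_v5(d):
            totals[dst][0] += pkts
            totals[dst][1] += octets
    ranked = sorted(totals.items(), key=lambda kv: kv[1][0], reverse=True)
    return [(dst, p, o) for dst, (p, o) in ranked[:n]]

def _sample_datagram(flows, sampling=100):
    """Constructed input: build a v5 datagram from (src, dst, pkts, octets)."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, sampling)
    for src, dst, pkts, octets in flows:
        out += RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                           0, 0, pkts, octets, 0, 0, 0, 53, 0, 0, 17, 0, 0, 0, 0, 32, 0)
    return out

# Constructed sample: four sampled UDP flows, two of them aimed at one /32.
SAMPLE = _sample_datagram([
    ("198.51.100.7", "203.0.113.10", 12, 9000),
    ("198.51.100.8", "203.0.113.44", 900, 57600),
    ("198.51.100.9", "203.0.113.44", 850, 54400),
    ("198.51.100.7", "203.0.113.12", 20, 15000),
])

if __name__ == "__main__":
    for row in top_destinations([SAMPLE]):
        print(row)
```

In live use the datagrams would come from a UDP socket bound to the export port, with the ranking recomputed over a short sliding window.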