Re: Best way to detect abnormal traffic without enabling security?
Netflow/jflow should be useful to you.

Have a look at some free collectors that will analyze the output, or consider Juniper STRM if you are running firewalling on the box too.

> > I am currently using a pair of J2350 exporting about 200+ /32 BGP
> > routes to my peer, and I've been hit by DDoS several times, the hardest
> > part for me is to figure out which IP was getting the DDOS and
> > deactivate that route, which will de-announce that route to my peer.
> >
> > However I have no established method right now to figure out which IP
> > is getting DDOSed, so I am hoping somebody can pass along some
> > sampling or dump method to quickly identify troublesome dst ip.
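
As an added example (not part of the original thread, and not Juniper's or any collector's code): a minimal way to rank the announced /32s by inbound rate from exported flow data. It assumes the router exports NetFlow v5 datagrams with the sampling interval set in the header; the function names, addresses and sample flows are constructed for illustration.

```python
import socket
import struct
from collections import Counter

HDR = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 flow record, 48 bytes

def parse_v5(datagram):
    """Yield (dst_ip, packets, octets) per flow, scaled up by the sampling rate."""
    if len(datagram) < HDR.size:
        raise ValueError("short datagram")
    version, count, *_, sampling = HDR.unpack_from(datagram)
    if version != 5 or len(datagram) < HDR.size + count * REC.size:
        raise ValueError("not a complete NetFlow v5 datagram")
    rate = (sampling & 0x3FFF) or 1  # low 14 bits: 1-in-N interval (0 = unsampled)
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        yield socket.inet_ntoa(f[1]), f[5] * rate, f[6] * rate  # dstaddr, dPkts, dOctets

def top_destinations(datagrams, announced, window_s, n=5):
    """Rank announced /32s by estimated inbound rate: [(ip, pps, bps), ...]."""
    pkts, octets = Counter(), Counter()
    for d in datagrams:
        for dst, p, o in parse_v5(d):
            if dst in announced:  # only count traffic toward our announced /32s
                pkts[dst] += p
                octets[dst] += o
    return [(ip, c / window_s, octets[ip] * 8 / window_s)
            for ip, c in pkts.most_common(n)]

def sample_datagram(flows, sampling=100):
    """Constructed input: pack (src, dst, packets, octets) tuples as a v5 datagram."""
    body = b"".join(
        REC.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), 0, 0,
                 p, o, 0, 0, 1024, 80, 0, 0, 17, 0, 0, 0, 0, 32, 0)
        for s, d, p, o in flows)
    return HDR.pack(5, len(flows), 0, 0, 0, 0, 0, 0, sampling) + body

if __name__ == "__main__":
    announced = {"192.0.2.10", "192.0.2.11", "192.0.2.12"}  # constructed /32s
    dgram = sample_datagram([
        ("198.51.100.7", "192.0.2.10", 30, 1800),
        ("198.51.100.8", "192.0.2.11", 9000, 540000),
        ("203.0.113.5", "192.0.2.11", 6000, 360000),
        ("198.51.100.9", "203.0.113.99", 50, 3000),  # not one of our /32s
    ])
    for ip, pps, bps in top_destinations([dgram], announced, window_s=60):
        print(f"{ip:<15} {pps:>10.0f} pps {bps / 1e6:>8.2f} Mbit/s")
```

The address at the top of the ranking is the candidate route to deactivate; in practice the datagrams would come from a UDP socket bound to the export port rather than from `sample_datagram`.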

