Once I noticed the following warnings in the Juniper MX204 logs:Continue reading “Warning: Host-bound traffic for protocol/exception DHCPv4:bad-packets exceeded its allowed bandwidth”
For example, I will configure unicast RPF (reverse-path forwarding) on Juniper MX204.
RPF allows you to reduce the impact of DOS-type attacks on IPv4 and IPv6 interfaces.
Once I found the following messages in the dmesg log:Continue reading “Messages net_ratelimit: X callbacks suppressed”
Once I discovered on the graphs a large burst of Multicast packets on one of the ports of the Cisco Nexus 3064 switch, while the CPU load increased to 30%, before that it was 12% with L2 traffic of 13 Gbit/s.Continue reading “High CPU load on Cisco Nexus 3064”
In this article, I will briefly describe the principle of DDoS DNS Amplification attacks.Continue reading “Description of DNS Amplification Attacks”
File Format: PDF
File size: 3 Mb
Author: Toshiaki Makita
NTT Open Source Software Center
FastNetMon – DDoS attacks detector, allows you to detect attacks and block them, for example using the BGP Flow spec, displays information in the form of graphs.Continue reading “Installing FastNetMon”
I will give examples of viewing the number of active compounds:Continue reading “How to detect DDOS attacks”
I will give an example of a simple script against DDOS attacks for NAT servers.
The script is executed when the total number of “conntrack” connections is more than 500000, it saves to the text file the IP address which has the most “conntrack” connections, who has more than 10,000 – adds to the ipset list.