JUNOS High Availability by Orin Blomberg, Senad Palislamovic, Kieran Milne, James Sonderegger

Taking Action When a DoS Attack Occurs

When you determine that a DoS attack is occurring, there is very little chance that you can do much to stop the attack itself. But there are a few ways you can block the traffic from getting to the target device.

Using Filtering to Block DoS Attacks

The most obvious step you can take to block the attack is to use firewall filters. The exact solution will depend on the type and scope of the attack, but a good general approach is to use filters similar to the ones you used to detect the attack in the first place.

Here is a filter similar to the ICMP filter shown earlier, but with a slight variation:

[edit]
lab@r1# show firewall family inet filter discard-icmp
term A {
    from {
        destination-address {
            192.168.28.1/32;
        }
        protocol icmp;
    }
    then {
        count icmp-counter;
        log;
        discard;
    }
}
term B {
    then accept;
}

In the preceding example, a filter called discard-icmp has many of the same parameters as the check-for-icmp filter, but with a key difference: ICMP traffic destined for the server is now dropped. Once you apply this filter outbound on the server-facing interface, the attack will be blocked.

Note

Do not deny traffic with the reject action. Rejecting traffic causes the JUNOS device to respond with an ICMP message of its own for each packet that matches the filter. This means the device generates as much traffic as it receives during the attack, which doesn’t help the situation!
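To check existing filters against the note above, the following added example (not from the book or from Juniper) parses brace-style filter text and lists the terms whose action is reject. The function names and the REJECT_FILTER variant are constructed for illustration; PAGE_FILTER is the discard-icmp filter shown above.

```python
# Added example: term-aware check for the 'reject' action in JUNOS filter text.
def term_actions(config_text):
    """Map each term name to the statements of its 'then' clause."""
    stack, actions = [], {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.endswith("{"):                 # block opener, e.g. 'term A {'
            stack.append(line[:-1].strip())
        elif line == "}":
            if stack:
                stack.pop()
        elif line.endswith(";") and stack:     # leaf statement inside a block
            stmt = line[:-1].strip()
            term = next((s.split()[1] for s in reversed(stack)
                         if s.startswith("term ")), None)
            if term is None or not stmt:
                continue
            if stack[-1] == "then":            # block form: then { discard; }
                actions.setdefault(term, []).append(stmt)
            elif stmt.startswith("then "):     # one-line form: then accept;
                actions.setdefault(term, []).append(stmt[5:].strip())
    return actions

def reject_terms(config_text):
    """Terms that reject; only the action word counts, not counter names."""
    return [term for term, acts in term_actions(config_text).items()
            if any(a.split()[:1] == ["reject"] for a in acts)]

# The discard-icmp filter as shown on the page.
PAGE_FILTER = """term A {
    from {
        destination-address {
            192.168.28.1/32;
        }
        protocol icmp;
    }
    then {
        count icmp-counter;
        log;
        discard;
    }
}
term B {
    then accept;
}"""
# Constructed variant: term A rejects, and its counter name contains "reject".
REJECT_FILTER = PAGE_FILTER.replace("discard;", "reject;").replace("icmp-counter", "reject-counter")
print(reject_terms(PAGE_FILTER), reject_terms(REJECT_FILTER))
```

A plain text search for "reject" would also match the counter name in the constructed variant; walking the term structure reports only the term whose action is reject.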

You can implement the same solution for TCP SYN attacks, using a variation of ...
