JUNOS High Availability

by James Sonderegger, Orin Blomberg, Kieran Milne, Senad Palislamovic
August 2009
Content level: Intermediate to advanced
690 pages
20h 14m
English
O'Reilly Media, Inc.
Content preview from JUNOS High Availability

Taking Action When a DoS Attack Occurs

When you determine that a DoS attack is occurring, there is very little chance that you can do much to stop the attack itself. But there are a few ways you can block the traffic from getting to the target device.

Using Filtering to Block DoS Attacks

The most obvious step you can take to block the attack is to use firewall filters. The exact solution will depend on the type and scope of the attack, but a good general approach is to use filters similar to the ones you used to detect the attack in the first place.

Here is a filter similar to the ICMP filter shown earlier, but with a slight variation:

[edit]
lab@r1# show firewall family inet filter discard-icmp
term A {
    from {
        destination-address {
            192.168.28.1/32;
        }
        protocol icmp;
    }
    then {
        count icmp-counter;
        log;
        discard;
    }
}
term B {
    then accept;
}

In the preceding example, a filter called discard-icmp has many of the same parameters as the check-for-icmp filter, but with a key difference: ICMP traffic destined for the server is now dropped. Once you apply this filter outbound on the server-facing interface, the attack will be blocked.

Note

Do not deny traffic with the reject command. Rejecting traffic causes the JUNOS device to respond with an ICMP message of its own for each packet that matches the filter. This means the device generates as much traffic as it receives during the attack, which doesn’t help the situation!
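The configuration below is an added example, not from the book, showing the same discard-icmp filter in set-command form, its application outbound on the server-facing interface, and the operational commands used to confirm it is matching. It assumes ge-0/0/1 unit 0 is the interface facing the 192.168.28.1 server; the interface name is a placeholder.

```junos
## Added example (not from the book): discard-icmp as set commands.
## Term A drops ICMP to the target server; term B accepts everything else.
set firewall family inet filter discard-icmp term A from destination-address 192.168.28.1/32
set firewall family inet filter discard-icmp term A from protocol icmp
set firewall family inet filter discard-icmp term A then count icmp-counter
set firewall family inet filter discard-icmp term A then log
set firewall family inet filter discard-icmp term A then discard
set firewall family inet filter discard-icmp term B then accept

## Apply it in the output direction on the server-facing interface
## (ge-0/0/1 is an assumed placeholder for your topology).
set interfaces ge-0/0/1 unit 0 family inet filter output discard-icmp

## Use a confirmed commit so a mistake that cuts you off rolls back
## automatically after 5 minutes unless you confirm.
commit confirmed 5
commit

## Verification (operational mode): the counter should climb while the
## attack is in progress, and the log shows the matched packets.
run show firewall filter discard-icmp
run show firewall log
run clear firewall filter discard-icmp
```

Note that `then discard` silently drops the packet, which is exactly the behaviour the Note above asks for; the counter and log entries are what let you confirm the filter is doing its job without generating any reply traffic.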

You can implement the same solution for TCP SYN attacks, using a variation of ...


Publisher Resources

ISBN: 9780596805449