nanog mailing list archives
11-25-03 DDoS Juniper Filter
From: "Phil Rosenthal" <pr () isprime com>
Date: Sat, 25 Jan 2003 03:17:39 -0500
We have installed the following on all network ingress/egress points, and have found it to filter the packets in question very effectively:
show configuration firewall filter filter-012503
term deny-dos { from { packet-length 404; protocol udp; destination-port 1434; } then { count codered-4; discard; } } term allow-rest { then accept; } --Phil ISPrime
Current thread:
- 11-25-03 DDoS Juniper Filter Phil Rosenthal (Jan 25)