Out of curiosity and practical interest, I was wondering if someone had a
good sample for using policers to protect against DoS attacks? I am sure
that I am missing something, but I was wondering if it would go a little
something like this:
[edit firewall]
filter test-DoS-policy {
    policer TCP-DoS-Check {
        if-exceeding {
            bandwidth-limit 200k;
            burst-size-limit 1500;
        }
        then {
            discard;
        }
    }
    term check-tcp-initial {
        from {
            protocol tcp;
            tcp-initial;
        }
        then policer TCP-DoS-Check;
    }
}
The numbers I chose for "if-exceeding" are arbitrary, and these numbers
would have to be determined on a case-by-case basis. I am curious if the
logic employed in these statements is correct. Any information would be
helpful.
Regards
Message Posted at:
http://www.groupstudy.com/form/read.php?f=9&i=588&t=588
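Added example, not part of the original post: a standard single-rate token-bucket model of the if-exceeding values above (bandwidth-limit 200k, burst-size-limit 1500), run against constructed streams of TCP-initial packets to show what such limits admit and drop. The 60-byte packet size, the function names and the traffic rates are assumptions made for illustration; which bytes a real policer counts depends on the platform.

```python
# Added illustration: single-rate token-bucket model of the posted policer.
RATE_BPS = 200_000      # bandwidth-limit 200k (bits per second, from the post)
BURST_BYTES = 1500      # burst-size-limit 1500 (bytes, from the post)
SYN_BYTES = 60          # assumed size of one TCP-initial packet (constructed)


def police(arrivals, rate_bps=RATE_BPS, burst_bytes=BURST_BYTES):
    """Return (passed, dropped) for arrivals = [(time_s, size_bytes), ...]."""
    fill = rate_bps / 8.0            # refill rate in bytes per second
    tokens = float(burst_bytes)      # bucket starts full
    last = 0.0
    passed = dropped = 0
    for t, size in arrivals:
        # Credit tokens for the elapsed time, never beyond the burst size.
        tokens = min(burst_bytes, tokens + (t - last) * fill)
        last = t
        if size <= tokens:           # conforming: spend tokens, forward
            tokens -= size
            passed += 1
        else:                        # exceeding: the "then discard" action
            dropped += 1
    return passed, dropped


def syn_stream(pps, seconds, size=SYN_BYTES):
    """Constructed input: evenly spaced TCP-initial packets."""
    return [(i / pps, size) for i in range(int(pps * seconds))]


def report():
    """Run three constructed traffic patterns through the policer."""
    return {
        "normal_100pps_10s": police(syn_stream(100, 10)),
        "flood_10000pps_1s": police(syn_stream(10_000, 1)),
        "burst_100_at_once": police([(0.0, SYN_BYTES)] * 100),
    }


if __name__ == "__main__":
    for name, (ok, drop) in report().items():
        print(f"{name}: passed={ok} dropped={drop}")
    print(f"sustained ceiling: {RATE_BPS / 8 / SYN_BYTES:.0f} packets/s")
```

The ceiling applies to every packet the term matches, so during a flood legitimate new connections compete for the same tokens as the attack traffic. A 1500-byte burst also means a back-to-back batch of more than 25 such packets is clipped even when the average rate is low.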