Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Using loopback filter to protect M, T, MX routers' routing-engine from DoS attack



Article ID: TN226 TECHNOTES Last Updated: 29 Jun 2012Version: 2.0
In this document , we intend to summarize the various denial of service attacks that a router is generally vulnerable to and the mechanisms that can be put in place on the Juniper M/T series routers to protect the device against such denial of service attacks. More specifically, it focuses on how the firewall functionality provided by the Juniper routers can be used to deal with denial of service attacks. For each type of the denial of service attacks, we have provided examples of how the “malicious” data packets can look like and how we can configure the router to protect against the specific type of attack. Finally, at the end, we have tried to consolidate all our protection mechanisms into a single firewall configuration and use it to protect the box against DOS attack.

The document is written only from the point of view of Junos software; we can later investigate the equivalent features on Junose to provide the same DOS protection capabilities. Since Junos and Junose have almost equivalent capabilities with respect to firewall features(with JunOSe even able to provide more advanced features), we can assume that we can provide the same or greater capabilities on the E-series boxes.

Lastly, the document touches upon the various architectural limitations and caveats that M/T series boxes has with respect to the DOS attack protection features and what we plan to do going ahead for overcoming these limitations.

DOS_Prevention [PDF]
loopback filter, routing-engine, DoS,
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search