kishkool75
asked on
Juniper attack
Hi,
I have à juniper SSG140 and since 2 week i can see in my log some teardrop attack.
Protection against that si enable so i dont worry.
Big problem is that since the start of this attack my bandwith is very slow (100mb normally)
Ip attack is always changing and i just don t Know what to do.
Do you have some advice?
Thanks
I have à juniper SSG140 and since 2 week i can see in my log some teardrop attack.
Protection against that si enable so i dont worry.
Big problem is that since the start of this attack my bandwith is very slow (100mb normally)
Ip attack is always changing and i just don t Know what to do.
Do you have some advice?
Thanks
Tony Giangreco
Track down the attacking IP's, report them if they are in the same country as you. if not, contact your ISP to block that IP. if nothing else can be done, consider getting a new IP.
ASKER
IP are always changing.
If i disconnect all my service for 1 night do you think it can solve problem?
If i disconnect all my service for 1 night do you think it can solve problem?
If your IP is always changing, then it's a dymanic IP. I assumed this was a businmess with a static Ip.
Disconnecting the modem for a night or weekend may help. I would contact tyour ISP and report the offending IP's to them.
If you don't know how to track them down, there should be a log in your firewall. You can go to http://whatismyipaddress.com/?gclid=COi-9vr22bQCFehDMgodfkIAwA
and determine where they are and report them to your ISP.
Disconnecting the modem for a night or weekend may help. I would contact tyour ISP and report the offending IP's to them.
If you don't know how to track them down, there should be a log in your firewall. You can go to http://whatismyipaddress.com/?gclid=COi-9vr22bQCFehDMgodfkIAwA
and determine where they are and report them to your ISP.
ASKER
Sorry i mean attacker ip was always changing (botnet...) so there is lot of différent ip.
Another thing bandwiwth slow down the day where teardrop appeared. But this is strange becuz i don t have so much connection (maybe 1 every 10 seconds on port 80 and 443 most of the time).
But on m'y juniper i saw option "block fragment traffic" uncheck.
When i Check it my log track a huuuuuuge amount of packet from à huuuuge number of ip trying to income my interface.
Problem is That with this option i can t use internet anymore...i think it drops myself too....
Another thing bandwiwth slow down the day where teardrop appeared. But this is strange becuz i don t have so much connection (maybe 1 every 10 seconds on port 80 and 443 most of the time).
But on m'y juniper i saw option "block fragment traffic" uncheck.
When i Check it my log track a huuuuuuge amount of packet from à huuuuge number of ip trying to income my interface.
Problem is That with this option i can t use internet anymore...i think it drops myself too....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.