Solved

Juniper attack

Posted on 2013-01-08
5
675 Views
Last Modified: 2013-04-23
Hi,

I have à juniper SSG140 and since 2 week i can see in my log some teardrop attack.
Protection against that si enable so i dont worry.

Big problem is that since the start of this attack my bandwith is very slow (100mb normally)
Ip attack is always changing and i just don t Know what to do.

Do you have some advice?

Thanks
0
Comment
Question by:kishkool75
  • 3
  • 2
5 Comments
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38757104
Track down the attacking IP's, report them if they are in the same country as you. if not, contact your ISP to block that IP. if nothing else can be done, consider getting a new IP.
0
 

Author Comment

by:kishkool75
ID: 38757137
IP are always changing.

If i disconnect all my service for 1 night do you think it can solve problem?
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38757186
If your IP is always changing, then it's a dymanic IP. I assumed this was a businmess with a static Ip.

Disconnecting the modem for a night or weekend may help. I would contact tyour ISP and report the offending IP's to them.

If you don't know how to track them down, there should be a log in your firewall. You can go to http://whatismyipaddress.com/?gclid=COi-9vr22bQCFehDMgodfkIAwA 
and determine where they are and report them to your ISP.
0
 

Author Comment

by:kishkool75
ID: 38757218
Sorry i mean attacker ip was always changing (botnet...) so there is lot of différent ip.
Another thing bandwiwth slow down the day where teardrop appeared. But this is strange becuz i don t have so much connection (maybe 1 every 10 seconds on port 80 and 443 most of the time).

But on m'y juniper i saw option "block fragment traffic" uncheck.
When i Check it my log track a huuuuuuge amount of packet from à huuuuge number of ip trying to income my interface.

Problem is That with this option i can t use internet anymore...i think it drops myself too....
0
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 38757228
I would turn it off your modem and router for as long as you can and see it it stops.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PUP or Virus 6 70
Edgemax OS VPN, to Barracuda Link Balancer 7 144
Sonicwall - user objects - usage 2 35
Login to my old Sonicwall TZ210 5 45
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that A…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now