hi cahit have you enabled any screens on the interface under attack?
regards farrukh On Tue, Apr 21, 2015 at 7:22 PM, Cahit Eyigünlü <cahit.eyigu...@spd.net.tr> wrote: > We are getting a spoofed ip syn attack. When attack starts and over 100K > pps our SRX3600 was losting the connection. And we check the status of the > device over the Serial connection. But we could not determine why it has > been dropped the connection > > > > Should somebody help us to over come this issue ? > > > > r...@srx3600.spd.net.tr> show security flow cp-session summary > Valid sessions: 141 > Pending sessions: 621628 > Invalidated sessions: 517864 > Sessions in other states: 1 > Total sessions: 1139634 > Maximum sessions: 2359296 > > > r...@srx3600.spd.net.tr> show security monitoring fpc 12 > FPC 12 > PIC 0 > CPU utilization : 44 % > Memory utilization : 67 % > Current flow session : 147286 > Current flow session IPv4: 147286 > Current flow session IPv6: 0 > Max flow session : 524288 > Current CP session : 1074031 > Current CP session IPv4: 1074031 > Current CP session IPv6: 0 > Max CP session : 2359296 > Total Session Creation Per Second (for last 96 seconds on average): 13 > IPv4 Session Creation Per Second (for last 96 seconds on average): 13 > IPv6 Session Creation Per Second (for last 96 seconds on average): 0 > > > > r...@srx3600.spd.net.tr> show chassis routing-engine > Routing Engine status: > Slot 0: > Current state Master > Election priority Master (default) > DRAM 1023 MB > Memory utilization 44 percent > CPU utilization: > User 0 percent > Background 0 percent > Kernel 5 percent > Interrupt 0 percent > Idle 95 percent > Model RE-PPC-1200-A > Start time 2015-04-15 02:06:10 UTC > Uptime 4 days, 15 hours, 16 minutes, 29 seconds > Last reboot reason Router rebooted after a normal shutdown. > Load averages: 1 minute 5 minute 15 minute > 0.14 0.07 0.11 > > r...@srx3600.spd.net.tr> show security monitoring performance spu > fpc 12 pic 0 > Last 60 seconds: > 0: 39 1: 45 2: 44 3: 40 4: 44 5: 40 > 6: 38 7: 46 8: 45 9: 39 10: 44 11: 39 > 12: 38 13: 45 14: 38 15: 45 16: 44 17: 39 > 18: 44 19: 39 20: 44 21: 40 22: 44 23: 39 > 24: 38 25: 45 26: 44 27: 40 28: 44 29: 40 > 30: 45 31: 40 32: 45 33: 41 34: 45 35: 39 > 36: 45 37: 39 38: 45 39: 39 40: 44 41: 39 > 42: 44 43: 39 44: 44 45: 39 46: 46 47: 39 > 48: 45 49: 39 50: 44 51: 39 52: 45 53: 39 > 54: 44 55: 39 56: 44 57: 39 58: 44 59: 39 > > r...@srx3600.spd.net.tr> show security monitoring performance session > fpc 12 pic 0 > Last 60 seconds: > 0: 127861 1: 146887 2: 130877 3: 147286 4: 134179 5: > 145303 > 6: 133196 7: 144339 8: 132233 9: 143981 10: 130861 11: > 143042 > 12: 131280 13: 142719 14: 130623 15: 142493 16: 132094 17: > 143124 > 18: 132726 19: 143938 20: 133022 21: 143349 22: 133100 23: > 143469 > 24: 134321 25: 143694 26: 137340 27: 145672 28: 141399 29: > 145458 > 30: 145697 31: 146920 32: 144260 33: 145259 34: 141360 35: > 142157 > 36: 137389 37: 140399 38: 136483 39: 139640 40: 136597 41: > 139363 > 42: 139707 43: 143110 44: 140994 45: 143038 46: 139781 47: > 141751 > 48: 136746 49: 139456 50: 137395 51: 139898 52: 137503 53: > 140300 > 54: 136762 55: 139315 56: 136245 57: 138951 58: 136685 59: > 139288 > > r...@srx3600.spd.net.tr> show chassis hardware > Hardware inventory: > Item Version Part number Serial number Description > Chassis xxxxxxxxxxxx SRX 3600 > Midplane REV 07 710-020310 xxxxxxxxxxxx SRX 3600 > Midplane > PEM 0 rev 08 740-027644 xxxxxxxxxxxx AC Power Supply > PEM 1 rev 08 740-027644 xxxxxxxxxxxx AC Power Supply > CB 0 REV 14 750-021914 xxxxxxxxxxxx SRX3k RE-12-10 > Routing Engine BUILTIN BUILTIN Routing Engine > CPP BUILTIN BUILTIN Central PFE > Processor > Mezz REV 08 710-021035 xxxxxxxxxxxx SRX HD > Mezzanine Card > FPC 0 REV 16 750-021882 xxxxxxxxxxxx SRX3k SFB 12GE > PIC 0 BUILTIN BUILTIN 8x 1GE-TX 4x > 1GE-SFP > FPC 1 REV 20 750-020321 xxxxxxxxxxxx SRX3k 2x10GE > XFP > PIC 0 BUILTIN BUILTIN 2x 10GE-XFP > Xcvr 0 NON-JNPR xxxxxxxxxxxx XFP-10G-SR > Xcvr 1 NON-JNPR xxxxxxxxxxxx XFP-10G-SR > FPC 4 REV 14 750-020321 xxxxxxxxxxxx SRX3k 2x10GE > XFP > PIC 0 BUILTIN BUILTIN 2x 10GE-XFP > Xcvr 0 NON-JNPR xxxxxxxxxxxx XFP-10G-SR > Xcvr 1 NON-JNPR xxxxxxxxxxxx XFP-10G-SR > FPC 10 REV 19 750-017866 xxxxxxxxxxxx SRX3k NPC > PIC 0 BUILTIN BUILTIN NPC PIC > FPC 12 REV 13 750-016077 xxxxxxxxxxxx SRX3k SPC > PIC 0 BUILTIN BUILTIN SPU Cp-Flow > Fan Tray 0 REV 06 750-021599 xxxxxxxxxxxx SRX 3600 Fan > Tray > > > > srx3600.spd.net.tr Seconds: 7 Time: > 17:23:00 > Delay: 0/0/46 > Interface: ge-0/0/1, Enabled, Link is Up > Encapsulation: Ethernet, Speed: 1000mbps > Traffic statistics: Current delta > Input bytes: 83679085589 (437323760 bps) [389746332] > Output bytes: 101886713 (0 bps) [60] > Input packets: 1359813079 (881694 pps) [6286191] > Output packets: 594841 (0 pps) [1] > Error statistics: > Input errors: 0 [0] > Input drops: 0 [0] > Input framing errors: 0 [0] > Policed discards: 0 [0] > L3 incompletes: 0 [0] > L2 channel errors: 0 [0] > L2 mismatch timeouts: 0 Carrier transiti [0] > > > > > > > Next='n', Quit='q' or ESC, Freeze='f', Thaw='t', Clear='c', Interface='i' > > > > r...@srx3600.spd.net.tr> show chassis routing-engine > Routing Engine status: > Slot 0: > Current state Master > Election priority Master (default) > DRAM 1023 MB > Memory utilization 44 percent > CPU utilization: > User 0 percent > Background 0 percent > Kernel 4 percent > Interrupt 0 percent > Idle 95 percent > Model RE-PPC-1200-A > Start time 2015-04-15 02:06:10 UTC > Uptime 4 days, 15 hours, 18 minutes, 19 seconds > Last reboot reason Router rebooted after a normal shutdown. > Load averages: 1 minute 5 minute 15 minute > 0.04 0.06 0.10 > > > > ? > > > ________________________________ > Bu e-posta kişiye özel olup, gizli bilgiler içeriyor olabilir. Eğer bu > e-posta size yanlışlıkla ulaşmışsa, içeriğini hiç bir şekilde kullanmayınız > ve ekli dosyaları açmayınız. Bu e-posta virüslere karşı anti-virüs > sistemleri tarafından taranmıştır. Ancak SPDNET, bu e-postanın - virüs > koruma sistemleri ile kontrol ediliyor olsa bile - virüs içermediğini > garanti etmez ve meydana gelebilecek zararlardan doğacak hiçbir sorumluluğu > kabul etmez. > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp