tag:blogger.com,1999:blog-5512742789507494765.post7868352779588804916..comments2024-02-10T10:34:39.942+02:00Comments on random musings about networks and everything: Sorry state of JunOS control plane protectionAnonymoushttp://www.blogger.com/profile/15664890181316399350noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-5512742789507494765.post-86889633863658597472020-09-22T13:20:29.254+03:002020-09-22T13:20:29.254+03:00You will find all kinds of slots, Online 77kasino...You will find all kinds of slots, Online <a href="https://77kasino.com" rel="nofollow">77kasino</a> Casino table games, and other unique gambling opportunities. Bernard Boydhttps://www.blogger.com/profile/06629975452420097699noreply@blogger.comtag:blogger.com,1999:blog-5512742789507494765.post-63414871138647359932012-10-26T21:03:18.323+03:002012-10-26T21:03:18.323+03:00It could be worse, try the control-plane filters o...It could be worse, try the control-plane filters on an EX (even the 8200, which is supposed to be capable of being a real router). They have no policer capabilities on lo0 filters at all, but even if you explicitly reject the traffic, it doesn't actually drop the packets until they've filled up the internal links and killed your control plane. <br /><br />As far as I can tell there is no point in configuring an lo0 filter at all, they're purely cosmetic. Even worse, they actually prevent you from seeing the offending traffic in tcpdump if you ARE under attack, while still allowing the attack to succeed. If you want to protect your control plane on those boxes, the only solution is to deploy per-interface ingress filters on EVERY interface, which has its own brand of issues. :)Anonymousnoreply@blogger.com