The ddos protection is meant to ignore obviously bad or very high volume traffic assumed to be ddos. The logs show that traffic of invalid protocol type and/or port was seen. The flow engine evaluates the 5 tuple and notes the fpc location of the traffic logged.
https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/concept/subscriber-management-ddos-protection.html
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home------------------------------
Original Message:
Sent: 08-08-2023 07:44
From: AfroAmestigon
Subject: system ddos-protection
Colleagues hello .
show configuration system ddos-protection
traceoptions {
file ddos-trace size 10m world-readable;
flag all;
}
show log ddos-trace
Aug 8 08:08:25 5200: ProtocolID does not exist.
Aug 8 08:08:25 5200: ProtocolID does not exist.
Aug 8 08:08:25 Received flow from slot: 3, but no protocol: 0
Aug 8 08:08:25 Received flow from slot: 4, but no protocol: 0
Colleagues, can someone explain what it means is this a conclusion?