Hi,
I am seeing high CPU utilization on my SRX and the box is moving very slowly. I am aware of some ongoing NTP 'monlist' internet DDoS attacks and my device has a public IP on it. Juniper says that JUNOS isn't affected by the NTP 'monlist' command, but how do I mitigate against such high process times?
TEST-SRX-NODE0> show system processes extensive
node0:
--------------------------------------------------------------------------
last pid: 26852; load averages: 2.06, 2.03, 2.01 up 50+18:31:24 13:08:57
134 processes: 21 running, 101 sleeping, 1 zombie, 11 waiting
Mem: 177M Active, 115M Inact, 1023M Wired, 142M Cache, 112M Buf, 514M Free
Swap:
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
15229 root 1 139 0 3324K 2940K RUN 0 369.8H 7518.75% ntpd
1088 root 1 76 0 12556K 4476K select 0 231:45 7518.75% eventd
22 root 1 171 52 0K 16K RUN 0 607.1H 0.00% idle: cpu0
I restarted the NTP service and performance was normal again. ntpd was at 0.00%. After 15 mins it climbed to 5% and now it's at 10%. In my system ntp statement, I just have 3 public NTP servers.
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
1349 root 7 76 0 979M 51332K select 0 3825.3 333.01% flowd_octeon_hm
22 root 1 171 52 0K 16K RUN 0 607.3H 17.29% idle: cpu0
27541 root 1 81 0 3160K 2776K select 0 6:37 9.77% ntpd
Any suggestions? I know for the JUNOS routers I can put a firewall filter, but I am not finding anything related to the SRX.
Thanks