Определить какой протокол сработал:
show ddos-protection protocols statistics terse
Уменьшить/увеличить порог срабатывания защиты
set system ddos-protection protocols ttl aggregate burst 500
If this solves your problem, please mark this post as «Accepted Solution.»
Kudos are always appreciated 
.
show ddos-protection protocols statistics | find «Protocol Group: L3MTU»
show ddos-protection protocols statistics | find «Protocol Group: IPMCAST»
Based on the timing of log messages, you can check for actual packets hitting the routing engine of the device using:
monitor traffic interface <intf_name> no-resolve extensive
OR
monitor traffic interface <intf_name> no-resolve extensive write-file /var/tmp/DDOS.pcap ———> remember to stop this, copy out the file «DDOS.pcap» from /var/tmp/ and delete it before its too big.
https://forums.juniper.net/t5/Ethernet-Switching/jddosd-warning-on-multiple-fpc-s/td-p/461521
https://www.juniper.net/documentation/en_US/junos/topics/concept/subscriber-management-ddos-protection.html