flood (Security UDP)
Statement modified in Junos OS Release 9.2.
Configure the device to detect and prevent UDP floods. UDP flooding occurs when an attacker sends UDP packets to slow down the system to the point that it can no longer process valid connection requests.
The threshold defines the number of UDP packets per second allowed to ping the same destination IP address/port pair. When the number of packets exceeds this value within any 1-second period, the device generates an alarm and drops subsequent packets for the remainder of that second.
threshold number —Number of UDP packets per second allowed to ping the same destination address before the device rejects further UDP packets.
Range: 1 through 4,000,000 per second
Default: 1,000 per second
For SRX300, SRX320, SRX340, and SRX345, the applicable range is 1 through 100,000 per second.
For SRX1500, SRX4100, SRX4200, and vSRX, the applicable range is 1 to 1,000,000.
For SRX4600, the applicable range is 1 through 4,000,000 per second.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.