flood (UDP)

Syntax

Hierarchy Level

Release Information

Statement modified in Release 9.2 of Junos OS.

Description

Configure the device to detect and prevent UDP floods. UDP flooding occurs when an attacker sends UDP packets to slow down the system to the point that it can no longer process valid connection requests.

The threshold defines the number of UDP packets per second allowed to ping the same destination IP address/port pair. When the number of packets exceeds this value within any 1-second period, the device generates an alarm and drops subsequent packets for the remainder of that second.

Options

threshold number —Number of UDP packets per second allowed to ping the same destination address before the device rejects further UDP packets.

Range: 1 through 100000 per second

Default: 1000 per second

Note: For SRX series devices the applicable range is 1 through 4000000 per second.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.