udp-sweep

Syntax

udp-sweep {threshold number;}

Hierarchy Level

[edit security screen ids-option screen-name udp]

Release Information

Statement introduced in Release 10.2 of Junos OS.

Description

Configure the device to detect and prevent a UDP sweep attack. In a UDP sweep attack, an attacker sends UDP packets to the target device. If the device responds to those packets, the attacker gets an indication that a port in the target device is open, which makes the port vulnerable to attack. If a remote host sends UDP packets to 10 addresses in 0.005 seconds (5000 microseconds), then the device flags this as a UDP sweep attack.

If the alarm-without-drop option is not set, the device rejects the eleventh and all further UDP packets from that host for the remainder of the specified threshold period.

Options

threshold number—Maximum number of microseconds during which up to 10 UDP packets from the same host are allowed into the device. More than 10 requests from a host during this period triggers a UDP sweep attack response on the device during the remainder of the second.

Range: 1000 through 1,000,000 microseconds
Default: 5000 microseconds
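The detection behaviour described above, as an added Python model that is not Junos code and not taken from this page: per source host it counts the distinct destination addresses probed within one threshold period, flags the eleventh, and drops that host's remaining packets for the rest of the period unless alarm-without-drop is set. The names UdpSweepScreen and simulate, and the assumption that the period starts at the host's first packet and resets when it expires, are mine.

```python
from dataclasses import dataclass, field

SWEEP_ADDRESSES = 10  # the page: 10 addresses within one threshold period


@dataclass
class _HostState:
    window_start: int                 # microseconds; first packet of this period
    dests: set = field(default_factory=set)
    flagged: bool = False


class UdpSweepScreen:
    """Simplified model of the udp-sweep screen (assumed semantics, not Junos)."""

    def __init__(self, threshold_us: int = 5000, alarm_without_drop: bool = False):
        # Range and default taken from the page's Options section.
        if not 1000 <= threshold_us <= 1_000_000:
            raise ValueError("threshold must be 1000 through 1,000,000 microseconds")
        self.threshold_us = threshold_us
        self.alarm_without_drop = alarm_without_drop
        self._hosts: dict = {}            # source address -> _HostState
        self.alarms: list = []            # (source, time flagged) for each sweep seen

    def packet(self, ts_us: int, src: str, dst: str) -> str:
        """Return 'pass' or 'drop' for one UDP packet from src to dst at ts_us."""
        st = self._hosts.get(src)
        if st is None or ts_us - st.window_start >= self.threshold_us:
            st = self._hosts[src] = _HostState(window_start=ts_us)   # new period
        st.dests.add(dst)
        if not st.flagged and len(st.dests) > SWEEP_ADDRESSES:
            st.flagged = True             # eleventh address inside the period
            self.alarms.append((src, ts_us))
        if st.flagged and not self.alarm_without_drop:
            return "drop"                 # eleventh and later packets this period
        return "pass"


def simulate(threshold_us: int = 5000, alarm_without_drop: bool = False,
             spacing_us: int = 400):
    """Constructed sample: one host probes 12 addresses, one every spacing_us."""
    screen = UdpSweepScreen(threshold_us, alarm_without_drop)
    verdicts = [screen.packet(i * spacing_us, "192.0.2.1", f"198.51.100.{i + 1}")
                for i in range(12)]
    return verdicts, len(screen.alarms)


if __name__ == "__main__":
    print(simulate())                 # fast sweep: 10 pass, then 2 drop, 1 alarm
    print(simulate(spacing_us=600))   # probes spread past 5000 us: no alarm
```

Widening the spacing so the probes straddle two threshold periods shows why an attacker pacing below the rate is not flagged, which is the trade-off the threshold value sets.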

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.