Understanding UDP Flood Attacks

Similar to an ICMP flood, a UDP flood occurs when an attacker sends IP packets containing UDP datagrams with the purpose of slowing down the victim to the point that the victim can no longer handle valid connections.

After enabling the UDP flood protection feature, you can set a threshold that, once exceeded, invokes the UDP flood attack protection feature. (The default threshold value is 1000 packets per second, or pps.) If the number of UDP datagrams from one or more sources to a single destination and UDP port exceeds this threshold, Junos OS ignores further UDP datagrams to that destination and port for the remainder of that second plus the next second as well. See Figure 80.

Figure 80: UDP Flooding

Image UDP_flood.gif

Related Topics

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.