Configuring ICMP Flood Attack Screen
This topic describes how to configure detection of an ICMP flood attack.
An ICMP flood typically occurs when ICMP echo requests overload the victim with so many requests that the victim spends all its resources responding until it can no longer process valid network traffic. When you enable the ICMP flood protection feature, you can set a threshold that, once exceeded, invokes the ICMP flood attack protection feature.
Configure the security screen option and attach it to the untrustZone as follows:
[edit]
user@host# set security screen ids-option untrustScreen icmp flood
user@host# set security screen ids-option untrustScreen alarm-without-drop
user@host# set security zones security-zone untrustZone screen untrustScreen
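The configuration above enables the screen without stating a threshold, and alarm-without-drop means a triggered screen raises an alarm but still forwards the packets. The following added example (not part of the original topic) sets the threshold explicitly, moves the screen from alarm-only to dropping, and checks the result; the threshold value 1000 is a sample value to be tuned against normal ICMP rates on the zone.

```junos
[edit]
# Set the trigger rate explicitly, in ICMP packets per second (1000 is a sample value).
user@host# set security screen ids-option untrustScreen icmp flood threshold 1000
# Once the alarms show no false positives, remove alarm-without-drop so the screen also drops.
user@host# delete security screen ids-option untrustScreen alarm-without-drop
user@host# commit
# Confirm the screen's settings, then watch the per-zone ICMP flood counter.
user@host# run show security screen ids-option untrustScreen
user@host# run show security screen statistics zone untrustZone
```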