
flood

See the following sections:

flood (ICMP)

Syntax

flood {
    threshold number;
}

Hierarchy Level

[edit security screen ids-option screen-name icmp]

Release Information

Statement modified in Release 9.2 of JUNOS software.

Description

Configure the device to detect and prevent Internet Control Message Protocol (ICMP) floods. An ICMP flood occurs when ICMP echo requests are broadcast with the purpose of flooding a system with so much data that it first slows down, and then times out and is disconnected. The threshold defines the number of ICMP packets per second allowed to ping the same destination address before the device rejects further ICMP packets.

This statement is supported on J-series and SRX-series devices.

Options

threshold number—Number of ICMP packets per second allowed to ping the same destination address before the device rejects further ICMP packets.

Range: 1 through 100000 per second
Default: 1000 per second

Note: For SRX-series devices the applicable range is 1 through 4000000 per second.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

flood (UDP)

Syntax

flood {
    threshold number;
}

Hierarchy Level

[edit security screen ids-option screen-name udp]

Release Information

Statement modified in Release 9.2 of JUNOS software.

Description

Configure the device to detect and prevent UDP floods. UDP flooding occurs when an attacker sends UDP packets to slow down the system to the point that it can no longer process valid connection requests.

The threshold defines the number of UDP packets per second allowed to be sent to the same destination IP address/port pair. When the number of packets exceeds this value within any 1-second period, the device generates an alarm and drops subsequent packets for the remainder of that second.
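The following Python model of the counting behavior described above is an added example, not JUNOS code or Juniper's implementation. It assumes 1-second windows aligned to whole seconds and that the packet that pushes the count over the threshold is itself dropped; the class and function names and the sample traffic are constructed for illustration.

```python
DEFAULT_THRESHOLD = 1000       # documented default, packets per second
MAX_THRESHOLD = 100000         # documented upper bound of the range
MAX_THRESHOLD_SRX = 4000000    # documented upper bound on SRX-series


class UdpFloodScreen:
    """Model of the documented threshold behaviour, not Juniper's code."""

    def __init__(self, threshold=DEFAULT_THRESHOLD, srx=False):
        limit = MAX_THRESHOLD_SRX if srx else MAX_THRESHOLD
        if not 1 <= threshold <= limit:
            raise ValueError(f"threshold must be 1 through {limit}")
        self.threshold = threshold
        self.window = {}   # (dst_ip, dst_port) -> [second, packet count]
        self.alarms = []   # one (second, dst_ip, dst_port) per exceeded second

    def packet(self, ts, dst_ip, dst_port):
        """Return True to forward the packet, False to drop it."""
        key = (dst_ip, dst_port)
        second = int(ts)   # assumption: windows aligned to whole seconds
        state = self.window.get(key)
        if state is None or state[0] != second:
            state = self.window[key] = [second, 0]   # new second, counter resets
        state[1] += 1
        if state[1] <= self.threshold:
            return True
        if state[1] == self.threshold + 1:           # first packet over the limit
            self.alarms.append((second, dst_ip, dst_port))
        return False   # assumption: the packet that exceeds the limit is dropped too


def replay(screen, packets):
    """Feed (ts, dst_ip, dst_port) tuples through the screen; return (forwarded, dropped)."""
    verdicts = [screen.packet(*p) for p in packets]
    return verdicts.count(True), verdicts.count(False)


def sample_traffic():
    """Constructed sample: a burst to one pair, two other pairs, then the next second."""
    burst = [(10.0 + i / 1000, "192.0.2.10", 53) for i in range(8)]
    other = [(10.5, "192.0.2.10", 123), (10.6, "192.0.2.11", 53)]
    later = [(11.0 + i / 1000, "192.0.2.10", 53) for i in range(3)]
    return burst + other + later


if __name__ == "__main__":
    screen = UdpFloodScreen(threshold=5)
    print(replay(screen, sample_traffic()), screen.alarms)
```

With a threshold of 5, only the burst to a single address/port pair is cut off, one alarm is raised for that second, and traffic to the same pair is forwarded again once the next second begins.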

This statement is supported on J-series and SRX-series devices.

Options

threshold number—Number of UDP packets per second allowed to be sent to the same destination address before the device rejects further UDP packets.

Range: 1 through 100000 per second
Default: 1000 per second

Note: For SRX-series devices the applicable range is 1 through 4000000 per second.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

