[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

udp

See the following sections:

udp (Protocol Binding Custom Attack)

Syntax



udp {
minimum-port port-number maximum-port port-number;
}

Hierarchy Level



[edit security idp custom-attack  attack-name attack-type chain
protocol-binding]
[edit security idp custom-attack attack-name attack-type signature
protocol-binding]

Release Information

Statement introduced in Release 9.3 of JUNOS software.

Description

Allow IDP to match the attack for specified UDP port(s).

This statement is supported on SRX-series devices.

Options

minimum-portport-number—Minimum port in the port range.
maximum-portport-number—Maximum port in the port range.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

udp (Security Screen)

Syntax



udp {


flood {
threshold                number             ;
}


}

Hierarchy Level



[edit security screen ids-option            screen-name         ]

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Specify the number of packets allowed per second to the same destination IP address/port pair. When the number of packets exceeds this value within any 1-second period, the device generates an alarm and drops subsequent packets for the remainder of that second.

This statement is supported on J-series and SRX-series devices.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

udp (Signature Attack)

Syntax



udp {


data-length {
match (equal | greater-than
| less-than | not-equal);
value   
            data-length             ;
}




destination-port {
match (equal | greater-than
| less-than | not-equal);
value   
            destination-port             ;
}




source-port {
match (equal | greater-than
| less-than | not-equal);
value   
            source-port             ;
}


}

Hierarchy Level



[edit security idp custom-attack            attack-name          attack-type signature protocol]

Release Information

Statement introduced in Release 9.3 of JUNOS software.

Description

Allow IDP to match the UDP header information for the signature attack.

This statement is supported on SRX-series devices.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]