Understanding UDP Flood Attacks
Similar to an ICMP flood, a UDP flood occurs when an attacker sends IP packets containing UDP datagrams with the purpose of slowing down the victim to the point that the victim can no longer handle valid connections.
After enabling the UDP flood protection feature, you can set a threshold that, once exceeded, invokes the UDP flood attack protection feature. (The default threshold value is 1000 packets per second, or pps.) If the number of UDP datagrams from one or more sources to a single destination exceeds this threshold, JUNOS Software ignores further UDP datagrams to that destination for the remainder of that second plus the next second as well. See Figure 78.
Figure 78: UDP Flooding
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices