Configuring Udp Flooding Protection - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide
Table 15: Thresholds for SYN segments
Threshold Types
Threshold
Alarm Threshold
Source Threshold
Destination Threshold
Timeout Value
Queue Size

Configuring UDP Flooding Protection

Related
Documentation
42
connection requests. Incomplete connection requests remain in the queue until the
connection completes or the request times out.
To protect targets in the security zone from SYN floods, enable SYN Flood Protection
and configure the thresholds for SYN segments passing through the zone as described
in Table 15 on page 42.
Your Action
Configure the number of SYN packets (TCP segments with the SYN flag set) per second
required for the security device to begin SYN proxy. This threshold is the total number of
packets passing through the zone, from all sources to all destinations.
Configure the number of proxied TCP connection requests required to generate an alarm
in an alarm log entry for the event.
Configure the number of SYN packets per second from a single IP address required for
the security device to begin rejecting new connection requests from that source.
Configure the number of SYN packets per second to a single IP address required for the
security device to begin rejecting new connection requests to that destination.
Configure the number of seconds the security device holds an incomplete TCP connection
attempt in the proxied connection queue.
Configure the number of proxied TCP connection requests held in the proxied connection
queue before the security device begins rejecting new connection requests.
Security devices currently support UDP for incoming SIP calls. To protect targets in the
security zone against UDP flooding by incoming SIP traffic, enable UDP Flooding
Protection. The security device can limit the number of UDP packets that can be received
by an IP address, preventing incoming SIP calls from overwhelming a target.
NOTE: UDP Flood Protection appears only for devices running ScreenOS 5.1
and later.
SIP signaling traffic consists of request and response messages between client and server
and uses transport protocols such as UDP or TCP. The media stream carries the data
(for example, audio data), and uses Application Layer protocols such as RTP (Real-Time
Transport Protocol) over UDP.
Predefined Screen Options Overview on page 40
HTTP Components and MS-Windows Defense Method on page 43
Protection Against Scans, Spoofs, and Sweeps on page 44
Copyright © 2010, Juniper Networks, Inc.