Hi Abed & Ben,
Firstly, apologies for the delayed response.
Thank you for your inputs.Yes, i agree it depends on the traffic volume on the device and accordingly i need to set up a threshold value. We have a lot of Voice & Video traffic so its really difficult to judge. Also, i agree incase i permit the UDP packet and just have an alarm raised it will spike up my (eventd process) CPU again as all the message logs are generated and stored on the device itself .I do not have a syslog in place as of now where i could send the logs.
What's the ideal UDP flood attack in PPS ? as i havent come across that issue and i do not have much information on that..I could set the threshold to 10k but i am not sure if the attack can occour below the threshold value. Sorry if its illogical.
Also i have IDP Signature with the recommended policy in place and applied on security policies.
Will the UDP DOS or DDOS attack will be taken care of ? Do i need Screening as an additional security feature.
Please let me know your suggestions/recommendation on this. Appreciate your help.
Thanks,
Kunal Tupe