05-02-2012 07:44 AM
Hi, I have udp flood alert messages poping up all the time and last time they started happening alot nearly killed the FW cpu.
I also have udp flood protection on screening option but still I have floods
the weird thing is the floods coming from an ip which is not in my internal range and to my an ip address still not in my network. but it shows in my FW logs
UDP flood! From 192.168.60.XX:2313 to XXX.X.X.X:2313, proto UDP (zone XYZ, int ethernet0/1). Occurred 30123 times.
Ethernet 0/1 is my internet interface
ICMP ping id=0! From XXX.XX.X.XX to my ip address, proto 1 (zone XYZ, int ethernet0/1). Occurred 1 times.
in this scenario above I have icmp blocked still I get this
Screen system in the SSG320 Vers 6.0.0r4.0 how does that work ?
05-07-2012 12:18 AM
If XXX.X.X.X is not your public IP but the packets with this address as a destination IP are arriving at eth0/1, you should contact your ISP. Something is wrong with the routing.
192.168.60.XX may be a misconfigured device in the ISP backbone.