ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
dicappy
Contributor
dicappy
Posts: 13
Registered: ‎08-29-2010
0

UDP Flood

Options

‎05-02-2012 07:44 AM

Hi, I have udp flood alert messages poping up all the time and last time they started happening alot nearly killed the FW cpu.

I also have udp flood protection on screening option but still I have floods

the weird thing is the floods coming from an ip which is not in my internal range and to my an ip address still not in my network. but it shows in my FW logs

like :

 

UDP flood! From 192.168.60.XX:2313 to XXX.X.X.X:2313, proto UDP (zone XYZ, int ethernet0/1). Occurred 30123 times.

Ethernet 0/1 is my internet interface

 

 

 

 

ICMP ping id=0! From XXX.XX.X.XX to my ip address, proto 1 (zone XYZ, int ethernet0/1). Occurred 1 times.

in this scenario above I have icmp blocked still I get this

 

Screen system in the SSG320 Vers 6.0.0r4.0 how does that work ?

Message 1 of 3 (274 Views)
 
Reply
dicappy
Contributor
dicappy
Posts: 13
Registered: ‎08-29-2010
0

Re: UDP Flood

Options

‎05-06-2012 03:43 AM

Anyone ?

Message 2 of 3 (248 Views)
 
Reply
Distinguished Expert
Distinguished Expert
echidov
Posts: 833
Registered: ‎11-02-2009
0

Re: UDP Flood

Options

‎05-07-2012 12:18 AM

Hi,

 

If XXX.X.X.X is not your public IP but the packets with this address as a destination IP are arriving at eth0/1, you should contact your ISP. Something is wrong with the routing.

192.168.60.XX may be a misconfigured device in the ISP backbone.

Kind regards,
Edouard
Message 3 of 3 (237 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.