SRX

Hi everyone,

edited:  Corrected the post.

Below Destination IP can be multicast  address or  it is just unicast address?

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-introduction-to-adp.html

Use the UDP flood IDS option to protect against UDP flood attacks. A UDP flood attack occurs when an attacker sends IP packets containing a UDP datagram with the purpose of slowing down the resources, such that valid connections can no longer be handled.

The threshold value defines the number of UDP packets per second allowed to ping the same destination IP address. When the number of packets exceeds this value within any 1-second period, the device generates an alarm and drops subsequent packets for the remainder of that second.

Thanks

The article specifies that it is for ScreenOS.  SRX does not run ScreenOS.

Fixed the post.

Thanks

Hi Sara

The SRX will check for a value on the Destination Address field in the IP header, it doesnt matter if it is a unicast IP address or a multicast IP addresss. With that info it determines the destination of the packets and if the number of packets destined to a specific value (destination address) exceeds the configured threshold in 1 second then the packets are dropped:

https://www.oreilly.com/library/view/juniper-srx-series/9781449339029/ch11.html

Are you expecting multicast traffic? If so, where is the firewall placed? Just for my understanding

Multicast  SRC-----SRX-------Switched network------RP-------Listener

SRX is  PIM enabled,  all ports onSRX  are layer 3 ports.

Default  value for UDP  Screen DDOS  protection is  1000 packets  per  second per destination.   That also means    is SRX sends   1000 packets  per second  per group  ,  SRX  will drop packet.

Thanks