SRX Services Gateway

same source udp flood

‎05-13-2015 12:58 PM

We have an SRX 3600 with 3x SPC, 1x NPC and 2x 10G IOC.

We are getting an attack: a 250 Mbps / 300 Kpps UDP flood with 48-byte packets.

We do not want to use screen options, because the connections from the same IP do not create sessions, so the source session limit does not work on this.

The destination session limit also does not work on this attack.

If we use the UDP threshold limit, it causes all stream connections on the victim IP to be dropped.

We tried a filter like this:


            term 0 {
                from {
                    packet-length 0-40;
                    protocol udp;
                }
                then {
                    count yummy;
                    discard;
                }
            }


It worked, but the SRX started dropping all connections after a while. Ping latency starts increasing and connections are lost after 300K pps.

How should we overcome this issue?
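For reference, here is the filter from the post written out as a complete Junos stanza and bound to an ingress interface. This is an added example, not configuration from the original poster; the filter name drop-small-udp, the term name allow-rest and the interface xe-0/0/0 are assumptions, while term 0 and its counter yummy are taken from the post as written. The trailing accept term is the part worth checking: a Junos firewall filter ends with an implicit discard, so a filter that contains only the discard term drops every other packet on that interface as well.

```junos
firewall {
    family inet {
        /* Hypothetical filter name; the post does not give one */
        filter drop-small-udp {
            /* Term from the post: count and drop short UDP packets */
            term 0 {
                from {
                    protocol udp;
                    packet-length 0-40;
                }
                then {
                    count yummy;
                    discard;
                }
            }
            /* Required: without an explicit accept, the implicit
               discard at the end of the filter drops all other traffic */
            term allow-rest {
                then accept;
            }
        }
    }
}
interfaces {
    /* Hypothetical untrust-side interface; bind the filter on ingress */
    xe-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input drop-small-udp;
                }
            }
        }
    }
}
```

After committing, `show firewall filter drop-small-udp` shows the yummy counter; packet-length matches the total length in the IP header rather than the frame size on the wire, so if the counter does not increment during the flood, the 48-byte packets fall outside 0-40 at layer 3 and the range needs to be widened to match them.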