ScreenOS Firewalls (NOT SRX)

UDP Flood

05-02-2012 07:44 AM

Hi, I have UDP flood alert messages popping up all the time, and the last time they started happening a lot it nearly killed the FW CPU.

I also have UDP flood protection on in the screening options, but I still have floods.

The weird thing is that the floods are coming from an IP which is not in my internal range, going to an IP address that is also not in my network, but it shows in my FW logs

like :


UDP flood! From 192.168.60.XX:2313 to XXX.X.X.X:2313, proto UDP (zone XYZ, int ethernet0/1). Occurred 30123 times.

Ethernet 0/1 is my internet interface





ICMP ping id=0! From XXX.XX.X.XX to my ip address, proto 1 (zone XYZ, int ethernet0/1). Occurred 1 times.

In the scenario above I have ICMP blocked, but I still get this.


The screen system in the SSG320, version 6.0.0r4.0: how does that work?


Re: UDP Flood

05-06-2012 03:43 AM

Anyone ?


Re: UDP Flood

05-07-2012 12:18 AM



If XXX.X.X.X is not your public IP but the packets with this address as a destination IP are arriving at eth0/1, you should contact your ISP. Something is wrong with the routing.

192.168.60.XX may be a misconfigured device in the ISP backbone.

Kind regards,
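
One way to run the check described in this reply over the firewall's alert log, as an added example that is not part of the original thread: it parses alert lines in the format quoted in the question and totals those whose source is an RFC 1918 address on the Internet-facing interface or whose destination lies outside your own prefixes. `OWN_PREFIXES`, the zone name and all sample addresses are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the prefixes that really belong to this site (documentation range).
OWN_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Alert format as quoted in the thread.
ALERT_RE = re.compile(
    r"UDP flood! From (?P<src>[\d.]+):\d+ to (?P<dst>[\d.]+):\d+, "
    r"proto UDP \(zone (?P<zone>[^,]+), int (?P<intf>[^)]+)\)\. "
    r"Occurred (?P<count>\d+) times\."
)

def classify(line, wan_intf="ethernet0/1"):
    """Return a record with findings for one alert line, or None if no match."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    src = ipaddress.ip_address(m["src"])
    dst = ipaddress.ip_address(m["dst"])
    findings = []
    # Private sources should never arrive from the Internet side.
    if m["intf"] == wan_intf and any(src in n for n in RFC1918):
        findings.append("private-source-on-wan")
    # Traffic for someone else's address points at upstream routing.
    if not any(dst in n for n in OWN_PREFIXES):
        findings.append("destination-not-ours")
    return {"src": str(src), "dst": str(dst),
            "count": int(m["count"]), "findings": tuple(findings)}

def summarize(lines):
    """Total the alert counts per (src, dst, findings), largest first."""
    totals = {}
    for line in lines:
        rec = classify(line)
        if rec:
            key = (rec["src"], rec["dst"], rec["findings"])
            totals[key] = totals.get(key, 0) + rec["count"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample log lines (addresses and zone name are made up).
SAMPLE = [
    "UDP flood! From 10.20.30.40:2313 to 198.51.100.7:2313, proto UDP (zone Untrust, int ethernet0/1). Occurred 30123 times.",
    "UDP flood! From 192.0.2.55:53 to 203.0.113.10:4444, proto UDP (zone Untrust, int ethernet0/1). Occurred 120 times.",
    "UDP flood! From 10.20.30.40:2313 to 198.51.100.7:2313, proto UDP (zone Untrust, int ethernet0/1). Occurred 500 times.",
    "ICMP ping id=0! From 192.0.2.9 to 203.0.113.10, proto 1 (zone Untrust, int ethernet0/1). Occurred 1 times.",
]

if __name__ == "__main__":
    for (src, dst, findings), total in summarize(SAMPLE):
        print(f"{src} -> {dst}: {total} hits, {', '.join(findings) or 'no routing anomaly'}")
```

Entries carrying both findings are the ones to hand to the ISP with timestamps; entries with no findings are floods genuinely aimed at your own addresses.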