The defense policies for UDP services cover block, traffic limiting, and defense.
Block
Discards all UDP packets.
Traffic Limiting
Limits traffic to defend against attacks when UDP attack packets without features.
UDP Traffic Limiting: Limits traffic of all UDP packets destined for an IP address below Threshold.
UDP Fragment Rate Limiting Threshold: Limits traffic of all UDP fragments destined for an IP address below Threshold.
- UDP New Session Limiting: Limits the number of new UDP sessions to the destination IP address per second below the specified Threshold.
You are advised to set Bandwidth Threshold based on baseline learning. For details, see Configuring a Baseline Learning Task.
NOTE: - When UDP services are involved, normal services are affected.
- UDP traffic limiting does not apply to DNS packets.
Defense
For parameters, see Table 1.
Table 1 Configuring UDP attack defense Parameter Description Recommended Value UDP Malformed
Threshold
When the rate of UDP abnormal packets exceeds the Threshold value, all UDP packets are discarded.
The default value is 1000 pps.
UDP Flood Fingerprint Defense
Threshold
When the rate of UDP packets reaches the alert threshold, UDP fingerprint learning and payload check are enabled, and the UDP packets matching a specified fingerprint or payload are discarded.
The default value is 50 Mbps.
UDP Fragment Attack Defense
Threshold
Fingerprint Learning Parameter :Packet Length Learning, Learning mode, Offset (Byte), Fingerprint Length (Byte)
When the rate of UDP fragments reaches the alert threshold, UDP fragment fingerprint learning and payload check are enabled, and the UDP fragments matching a specified fingerprint or payload are discarded.
The default value is 50 Mbps.