The defense policies for UDP services cover block, traffic limiting, and defense.
Block: Discards all UDP packets.
Traffic limiting: Limits traffic to defend against attacks when UDP attack packets have no identifiable features.
UDP Traffic Limiting: Limits the traffic of all UDP packets destined for an IP address to below Threshold.
UDP Fragment Rate Limiting Threshold: Limits the traffic of all UDP fragments destined for an IP address to below Threshold.
UDP New Session Limiting: Limits the number of new UDP sessions per second to the destination IP address to below the specified Threshold.
You are advised to set Bandwidth Threshold based on baseline learning. For details, see Configuring a Baseline Learning Task.
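The following Python model is an added example, not the product's implementation. It shows how the three traffic-limiting thresholds above act independently on each destination IP address. The one-second counting window, the class and function names, the verdict strings, and the sample packets are assumptions made for illustration.

```python
from collections import Counter, defaultdict, namedtuple
# ts: arrival time in seconds; size: bytes; fragment: True for an IP fragment
Pkt = namedtuple("Pkt", "ts src sport dst dport size fragment", defaults=[False])

class UdpLimiter:
    """Assumed model: per-destination counters that reset every one-second window.
    A packet that brings a counter exactly to its threshold is still passed."""
    def __init__(self, traffic_bps, fragment_bps, new_sessions_per_s):
        self.limits = {"traffic": traffic_bps, "fragment": fragment_bps, "session": new_sessions_per_s}
        self.window = {}                    # dst -> second currently being counted
        self.used = defaultdict(Counter)    # dst -> counters for that second
        self.sessions = set()               # flows already admitted

    def admit(self, p):
        if self.window.get(p.dst) != int(p.ts):      # new second: reset counters
            self.window[p.dst] = int(p.ts)
            self.used[p.dst] = Counter()
        used, bits = self.used[p.dst], p.size * 8
        flow = (p.src, p.sport, p.dst, p.dport)
        # Non-initial fragments carry no UDP ports, so fragments open no session here.
        new = not p.fragment and flow not in self.sessions
        if used["traffic"] + bits > self.limits["traffic"]:
            return "drop:traffic"
        if p.fragment and used["fragment"] + bits > self.limits["fragment"]:
            return "drop:fragment"
        if new and used["session"] + 1 > self.limits["session"]:
            return "drop:new-session"
        used["traffic"] += bits
        used["fragment"] += bits if p.fragment else 0
        if new:
            used["session"] += 1
            self.sessions.add(flow)
        return "pass"

def replay(packets, limiter):
    """Return the verdict for each packet, in arrival order."""
    return [limiter.admit(p) for p in packets]

# Constructed sample traffic toward one protected address (documentation ranges).
DST = "192.0.2.10"
SAMPLE = (
    [Pkt(0.1 * i, "198.51.100.7", 4000 + i, DST, 53, 100) for i in range(5)]          # 5 new flows, second 0
    + [Pkt(1.0 + 0.1 * i, "198.51.100.7", 4003 + i, DST, 53, 100) for i in range(2)]  # retries, second 1
    + [Pkt(2.0 + 0.1 * i, "198.51.100.9", 0, DST, 0, 500, True) for i in range(3)]    # fragments, second 2
)
if __name__ == "__main__":
    limiter = UdpLimiter(traffic_bps=40_000, fragment_bps=8_000, new_sessions_per_s=3)
    print(Counter(replay(SAMPLE, limiter)))
```

With a new-session threshold of 3, the fourth and fifth new flows in the first second are dropped and admitted only when they retry in the next window, which is the effect a legitimate client sees when the threshold is set below the learned baseline.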
For parameters, see Table 1.
| Parameter | | Description | Recommended Value |
|---|---|---|---|
| UDP Malformed | Threshold | When the rate of UDP abnormal packets exceeds the Threshold value, all UDP packets are discarded. | The default value is 1000 pps. |
| UDP Flood Fingerprint Defense | Threshold | When the rate of UDP packets reaches the alert threshold, the UDP payload check function is enabled, and UDP packets with abnormal payloads are discarded. | The default value is 50 Mbit/s. |
| UDP Fragment Attack Defense | Threshold | When the rate of UDP fragments reaches the alert threshold, the UDP payload check function is enabled, and UDP packets with abnormal payloads are discarded. | The default value is 50 Mbit/s. |
| UDP Behavior Analysis | Interval | The interval for UDP behavior analysis can be configured. The UDP behavior analysis function takes effect only after at least one of UDP Traffic Limiting, UDP Fragment Rate Limiting, UDP Malformed, UDP Flood Fingerprint Defense, and UDP Fragment Attack Defense in traffic limiting is enabled. | The default value is 6s. |