SRX


UDP Flood Threshold issues

  • 1.  UDP Flood Threshold issues

    Posted 09-18-2017 09:19

    I'm trying to configure my SRX and finding issues with UDP flood warnings from Google and my VoIP provider. I have already raised the threshold to 5000 and am still seeing issues. Doing some research, it appears Google is using a protocol called QUIC (https://en.wikipedia.org/wiki/QUIC) which uses UDP 443 to deliver YouTube. Is there a way I can whitelist traffic from the screen? I want to be able to whitelist QUIC traffic and traffic from my VoIP provider.



  • 2.  RE: UDP Flood Threshold issues

    Posted 09-18-2017 11:01

    set zone untrust screen udp-flood ?

    See if you get an option such as source-address and you may be able to complete a config like this: <voip-providers-ip> threshold <15000>, a value you can tweak.



  • 3.  RE: UDP Flood Threshold issues

    Posted 09-18-2017 13:50
    This is on an SRX300 running Junos 15.1X49-90.7

    I did not exactly have that command; it looks like some examples I saw for ScreenOS. Here is what I got:

    set security zones security-zone Internet screen untrust-screen ?
    Possible completions:
    <[Enter]> Execute this command
    > address-book Address book entries
    > advance-policy-based-routing-profile Enable Advance Policy Based Routing on this zone
    application-tracking Enable Application tracking support for this zone
    + apply-groups Groups from which to inherit configuration data
    + apply-groups-except Don't inherit configuration data from these groups
    description Text description of zone
    > host-inbound-traffic Allowed system services & protocols
    > interfaces Interfaces that are part of this zone
    source-identity-log Show user and group info in session log for this zone
    tcp-rst Send RST for NON-SYN packet not matching TCP session
    | Pipe through a command
    [edit]

    --
    Brian Christopher Raaen
    Network Engineer
    Northeast Georgia Health Systems


  • 4.  RE: UDP Flood Threshold issues

    Posted 09-18-2017 23:28

    Hi,

    I doubt that such a whitelist is possible in the UDP flood, though; it's available for TCP SYN flood only.

    You can refer to the links below for the details:

    https://www.juniper.net/documentation/en_US/junos/topics/example/denial-of-service-network-udp-flood-protection-enabling-cli.html

    https://www.juniper.net/documentation/en_US/junos/topics/example/denial-of-service-network-syn-flood-whitelist-configuring.html

    Thanks,

    Vikas



  • 5.  RE: UDP Flood Threshold issues
    Best Answer

    Posted 09-19-2017 02:38

    We can't do that. We need to increase the threshold.