UDP Tab

UDP Settings

Default UDP Connection Timeout (seconds) - The number of seconds of idle time you want to allow before UDP connections time out. This value is overridden by the UDP Connection timeout you set for individual rules.

UDP Flood Protection

UDP Flood Attacks are a type of denial-of-service (DoS) attack. They are initiated by sending a large number of UDP packets to random ports on a remote host. As a result, the victimized system’s resources are consumed with handling the attacking packets, which eventually causes the system to be unreachable by other clients.

SonicWALL UDP Flood Protection defends against these attacks by using a “watch and block” method. The appliance monitors UDP traffic to a specified destination. If the rate of UDP packets per second exceeds the allowed threshold for a specified duration of time, the appliance drops subsequent UDP packets to protect against a flood attack.

UDP packets that are DNS queries or responses to or from a DNS server configured by the appliance are allowed to pass, regardless of the state of UDP Flood Protection.

The following settings configure UDP Flood Protection:

Enable UDP Flood Protection – Enables UDP Flood Protection. This option is not selected by default.
NOTE: Enable UDP Flood Protection must be enabled to activate the other UDP Flood Protection options.
UDP Flood Attack Threshold (UDP Packets / Sec) – The maximum number of UDP packets allowed per second to be sent to a host, range, or subnet that triggers UDP Flood Protection. Exceeding this threshold triggers ICMP Flood Protection. The minimum value is 50, the maximum value is 1000000, and the default value is 1000.
UDP Flood Attack Blocking Time (Sec) – After the appliance detects the rate of UDP packets exceeding the attack threshold for this duration of time, UDP Flood Protection is activated and the appliance begins dropping subsequent UDP packets. The minimum time is 1 second, the maximum time is 120 seconds, and the default time is 2 seconds.
UDP Flood Attack Protected Destination List – The destination address object or address group that will be protected from UDP Flood Attack. The default value is Any.
TIP: Select Any to apply the Attack Threshold to the sum of UDP packets passing through the firewall.
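
A simplified model of the watch-and-block behavior these settings describe, added here as an example; it is not SonicWALL's implementation. The one-second counting windows, releasing the block once the rate falls back, and leaving exempt DNS out of the rate count are assumptions, and all addresses and ports are constructed sample values.

```python
DNS_PORT = 53

def is_exempt_dns(src, dst, sport, dport, dns_servers):
    """DNS queries/responses to or from a configured DNS server always pass."""
    return (dst in dns_servers and dport == DNS_PORT) or \
           (src in dns_servers and sport == DNS_PORT)

def simulate(packets, threshold=1000, blocking_time=2, dns_servers=frozenset()):
    """Replay time-sorted (ts, src, dst, sport, dport) UDP packets.

    Returns (passed, dropped, floods_detected). Defaults are the page's
    default threshold (1000 packets/sec) and blocking time (2 sec).
    """
    passed = dropped = floods = 0
    window = None          # one-second window currently being counted
    count = streak = 0     # packets in window; consecutive windows over threshold
    blocking = False
    for ts, src, dst, sport, dport in packets:
        if is_exempt_dns(src, dst, sport, dport, dns_servers):
            passed += 1    # assumption: exempt DNS is not counted toward the rate
            continue
        sec = int(ts)
        if window is None:
            window = sec
        elif sec != window:
            # Close the finished window; an idle gap or a quiet window resets.
            if sec == window + 1 and count > threshold:
                streak += 1
            else:
                streak, blocking = 0, False   # assumption: release when rate falls
            if streak >= blocking_time and not blocking:
                blocking, floods = True, floods + 1
            window, count = sec, 0
        count += 1         # arrival rate includes packets that end up dropped
        if blocking:
            dropped += 1
        else:
            passed += 1
    return passed, dropped, floods

def burst(start, seconds, pps, dst="192.0.2.10"):
    """Constructed sample traffic: pps packets per second to varying ports."""
    return [(start + s + i / pps, "198.51.100.7", dst, 40000, 1024 + i)
            for s in range(seconds) for i in range(pps)]

if __name__ == "__main__":
    print(simulate(burst(0, 1, 100), threshold=50))   # spike shorter than blocking time
    print(simulate(burst(0, 4, 100), threshold=50))   # sustained flood
```

Replaying captured traffic through a model like this shows why a spike shorter than the blocking time never triggers protection, and how many packets pass before dropping begins at a given threshold.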

UDP Traffic Statistics

The UDP Traffic Statistics table provides statistics as shown in Table 73. To clear and restart the statistics displayed by a table, click the Clear Stats icon for the table.

Table 73. UDP Traffic Statistics

| This statistic | Is incremented/displays |
| --- | --- |
| Connections Opened | When a connection is opened. |
| Connections Closed | When a connection is closed. |
| Total UDP Packets | With every processed UDP packet. |
| Validated Packets Passed | When a UDP packet passes checksum validation (while UDP checksum validation is enabled). |
| Malformed Packets Dropped | When: |
| UDP Floods In Progress | The number of individual forwarding devices currently exceeding the UDP Flood Attack Threshold. |
| Total UDP Floods Detected | The total number of events in which a forwarding device has exceeded the UDP Flood Attack Threshold. |
| Total UDP Flood Packets Rejected | The total number of packets dropped because of UDP Flood Attack detection. |

Clicking on the Statistics icon displays a pop-up dialog showing the most recent rejected packets: