SonicOS 7.0 Objects

Table of Contents

UDP Flood Protection

UDP Flood Attacks are a type of denial-of-service (DoS) attack. They are initiated by sending a large number of UDP packets to random ports on a remote host. As a result, resources of the victimized system are consumed with handling the attacking packets, which eventually causes the system to be unreachable by other clients.

SonicWall UDP Flood Protection defends against these attacks by using a watch and block method. The appliance monitors UDP traffic to a specified destination. If the rate of UDP packets per second exceeds the allowed threshold for a specified duration of time, the appliance drops subsequent UDP packets to protect against a flood attack.

UDP packets that are DNS query or responses to or from a DNS server configured by the appliance are allowed to pass, regardless of the state of UDP Flood Protection.

To configure UDP Flood Protection

  1. Navigate to OBJECT | Action Profiles > DoS Action Profile.

  2. Do one of the following:

    • Add a new DoS Action Profile.

      1. Click the Add icon.
      2. Enter a friendly DoS Rule Action Name.

    • Edit an existing DoS Action Profile.

      Hover over an existing DoS Action Profile and click the Edit icon.

  3. Click Flood Protection > UDP Flood Protection option.

  4. Enable UDP Flood Protection to enable UDP flood protection and enable the other UDP Flood Protection options.

  5. Make the necessary changes to the default values.

    UDP Flood Attack Threshold

    The maximum number of UDP packets allowed per second to be sent to a host, range, or subnet that triggers UDP Flood Protection. Exceeding this threshold triggers UDP Flood Protection.

    The minimum value is 50, the maximum value is 1000000, and the default value is 1000.
    UDP Flood Attack Blocking Time

    After the appliance detects the rate of UDP packets exceeding the attack threshold for this duration of time, UDP Flood Protection is activated and the appliance begins dropping subsequent UDP packets.

    The minimum time is 1 second, the maximum time is 120 seconds, and the default time is 2 seconds.
  6. Click Save.
  7. Click Cancel to go back to the DoS Action Profile page or proceed with other configurations.