Automatic Block when Detecting UDP Flood

How do I make an automatic block when a UDP flood is detected?

Flood detection used to be built into the firewall. At one point, I believe version 3.x had an interface where the settings for various types of ‘flood’ could be adjusted. In later versions of CIS the interface has been removed but the settings are still available in the installation file and, post installation, the registry:

HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Settings

Basically, CIS is set to allow a certain number of inbound packets for a set duration, before initiating flood control. The default figures for number of packets per second and duration are set at 20 packets per second for a continuous duration of 20 seconds; this is for TCP, UDP and ICMP. If the number of inbound packets exceeds these values, CIS blocks all further inbound traffic, except that in response to a previously generated request, for 120 seconds. CIS also has parameters for dealing with port scans and the amount of time an assumed ‘attacker’ will be blocked. Whether these settings still work or not is debatable, so I wouldn’t place too much trust in them.

I’ve attached an image of the old interface for reference. Personally, unless you really understand what you’re doing, I’d leave the values in the registry alone. You’d be better off buying a router with additional flood protection, assuming you don’t already have one.

And even if you block UDP packets from entering the system any further than the Firewall layer, this won’t stop the attacker from submitting them.
So it keeps flooding your Internet link, not much you can do except ask your ISP to police the UDP flood on your link.
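
The flood-control behaviour described earlier in the thread (more than 20 packets per second sustained for 20 seconds, then a 120-second block of unsolicited inbound traffic), modelled as an added example; it is not COMODO's code and not from any poster. The one-second bucketing, the `solicited` flag and the function names are assumptions made for illustration, and the traffic is constructed.

```python
RATE_PPS, SUSTAIN_SECS, BLOCK_SECS = 20, 20, 120   # defaults quoted in the thread


def flood_control(packets, rate=RATE_PPS, sustain=SUSTAIN_SECS, block=BLOCK_SECS):
    """packets: time-sorted (timestamp_seconds, solicited) tuples for inbound traffic.

    Returns (verdicts, block_windows). Assumed semantics: a block starts once the
    unsolicited packet count exceeds `rate` in each of `sustain` consecutive seconds.
    """
    verdicts, windows = [], []
    cur_sec, count, streak = None, 0, 0
    blocked_until = float("-inf")
    for ts, solicited in packets:
        sec = int(ts)
        if sec != cur_sec:
            if cur_sec is not None:
                # Score the one-second bucket that just ended.
                streak = streak + 1 if count > rate else 0
                if streak >= sustain:
                    blocked_until = cur_sec + 1 + block
                    windows.append((cur_sec + 1, blocked_until))
                    streak = 0
                if sec > cur_sec + 1:
                    streak = 0  # a second with no packets breaks the run
            cur_sec, count = sec, 0
        if not solicited:
            count += 1
        # Replies to requests this host made pass even while the block is active.
        dropped = ts < blocked_until and not solicited
        verdicts.append("drop" if dropped else "allow")
    return verdicts, windows


def constructed_traffic():
    """Constructed sample: 5 pps background, a 50 pps flood for 25 s, then stragglers."""
    pkts = [(s + i / 5, False) for s in range(10) for i in range(5)]
    pkts += [(s + i / 50, False) for s in range(10, 35) for i in range(50)]
    pkts += [(40.0, True), (40.5, False), (200.0, False)]
    return pkts


if __name__ == "__main__":
    verdicts, windows = flood_control(constructed_traffic())
    print("block windows:", windows)
    print("allowed:", verdicts.count("allow"), "dropped:", verdicts.count("drop"))
```

The first 20 seconds of the flood are all accepted before the block starts, and the dropped packets have already crossed the link by the time the host discards them.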