80/udp floods?

• Previous message (by thread): 80/udp floods?
• Next message (by thread): standard transit arrangements
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Wayne E. Bouchard  [2/19/2004 6:16 AM] :

> Easy enough to fend off except for the TCP 80 bit. For most of these
> attacks, I've taken to just filtering the entire LACNIC and APNIC
> address delegations at the host level for the durration of the
> incident since, in the general case, my customers (the ones that
> suffer these incidents) do little if any business in that region.

May I suggest extending your ACLs to filter 0/0?

I have seen quite a lot of this from ARIN (mostly cablemodem land, 24/8) 
as well as RIPE space (again cablemodem land -> trojaned zombies?)

	srs

-- 
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations

• Previous message (by thread): 80/udp floods?
• Next message (by thread): standard transit arrangements
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]