80/udp floods?
Suresh Ramasubramanian
suresh at outblaze.com
Thu Feb 19 02:03:12 UTC 2004
Wayne E. Bouchard [2/19/2004 6:16 AM] :
> Easy enough to fend off except for the TCP 80 bit. For most of these
> attacks, I've taken to just filtering the entire LACNIC and APNIC
> address delegations at the host level for the durration of the
> incident since, in the general case, my customers (the ones that
> suffer these incidents) do little if any business in that region.
May I suggest extending your ACLs to filter 0/0?
I have seen quite a lot of this from ARIN (mostly cablemodem land, 24/8)
as well as RIPE space (again cablemodem land -> trojaned zombies?)
srs
--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
More information about the NANOG
mailing list