nanog mailing list archives

11-25-03 DDoS Juniper Filter


From: "Phil Rosenthal" <pr () isprime com>
Date: Sat, 25 Jan 2003 03:17:39 -0500


We have installed the following on all network ingress/egress points,
and have found it to filter the packets in question very effectively:

show configuration firewall filter filter-012503
term deny-dos {
    from {
        packet-length 404;
        protocol udp;
        destination-port 1434;
    }
    then {
        count codered-4;
        discard;
    }
}
term allow-rest {
    then accept;
}

--Phil
ISPrime
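
The match logic of the filter above, modeled in Python so its scope can be checked against sample packets before a term like this goes on an interface. This is an added example, not part of the original message: `build_packet`, `evaluate` and `tally` are hypothetical helpers, the packets are constructed, and it assumes `packet-length` counts the IP packet (IP header plus payload, no layer-2 framing).

```python
import struct

UDP = 17  # IPv4 protocol number for UDP


def build_packet(payload_len, dport, proto=UDP, sport=40000):
    """Constructed sample: 20-byte IPv4 header + 8-byte UDP header + payload."""
    total = 20 + 8 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    udp = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    return ip + udp + b"\x00" * payload_len


def evaluate(packet):
    """Return the (term, action) of filter-012503 that one IPv4 packet hits."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ("allow-rest", "accept")
    ihl = (packet[0] & 0x0F) * 4                      # header length in bytes
    total_len, = struct.unpack_from("!H", packet, 2)  # compared to packet-length
    # Assumption of this model: a non-first fragment has no UDP header to match.
    frag_off = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    if packet[9] == UDP and total_len == 404 and frag_off == 0:
        if len(packet) >= ihl + 4:
            dport, = struct.unpack_from("!H", packet, ihl + 2)
            if dport == 1434:
                return ("deny-dos", "discard")
    return ("allow-rest", "accept")


def tally(packets):
    """Mimic the codered-4 counter over a list of raw packets."""
    counters = {"codered-4": 0, "accepted": 0}
    for pkt in packets:
        term, _ = evaluate(pkt)
        counters["codered-4" if term == "deny-dos" else "accepted"] += 1
    return counters
```

All three conditions in the `from` block must hold at once, so only a UDP packet to port 1434 whose IP length is exactly 404 bytes (376 bytes of UDP payload behind a 20-byte IP header) is discarded; any legitimate datagram of that exact size to that port is dropped as well.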

