nanog mailing list archives
Re: 80/udp floods?
From: Suresh Ramasubramanian <suresh () outblaze com>
Date: Thu, 19 Feb 2004 07:33:12 +0530
Wayne E. Bouchard [2/19/2004 6:16 AM] :
Easy enough to fend off except for the TCP 80 bit. For most of these attacks, I've taken to just filtering the entire LACNIC and APNIC address delegations at the host level for the durration of the incident since, in the general case, my customers (the ones that suffer these incidents) do little if any business in that region.
May I suggest extending your ACLs to filter 0/0?I have seen quite a lot of this from ARIN (mostly cablemodem land, 24/8) as well as RIPE space (again cablemodem land -> trojaned zombies?)
srs -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
Current thread:
- 80/udp floods? Scott Call (Feb 18)
- Re: 80/udp floods? Wayne E. Bouchard (Feb 18)
- Re: 80/udp floods? Deepak Jain (Feb 18)
- Re: 80/udp floods? Suresh Ramasubramanian (Feb 18)
- Re: 80/udp floods? Wayne E. Bouchard (Feb 18)