Re: 80/udp floods?

[Suresh Ramasubramanian <suresh () outblaze com>]

Wayne E. Bouchard  [2/19/2004 6:16 AM] :

> Easy enough to fend off except for the TCP 80 bit. For most of these
> attacks, I've taken to just filtering the entire LACNIC and APNIC
> address delegations at the host level for the durration of the
> incident since, in the general case, my customers (the ones that
> suffer these incidents) do little if any business in that region.

May I suggest extending your ACLs to filter 0/0?

I have seen quite a lot of this from ARIN (mostly cablemodem land, 24/8) 
as well as RIPE space (again cablemodem land -> trojaned zombies?)

        srs

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations