North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: 80/udp floods?

  • From: Suresh Ramasubramanian
  • Date: Wed Feb 18 21:06:40 2004

Wayne E. Bouchard  [2/19/2004 6:16 AM] :

Easy enough to fend off except for the TCP 80 bit. For most of these
attacks, I've taken to just filtering the entire LACNIC and APNIC
address delegations at the host level for the durration of the
incident since, in the general case, my customers (the ones that
suffer these incidents) do little if any business in that region.
May I suggest extending your ACLs to filter 0/0?

I have seen quite a lot of this from ARIN (mostly cablemodem land, 24/8) as well as RIPE space (again cablemodem land -> trojaned zombies?)


srs (postmaster|suresh) // gpg : EDEDEFB9
manager, security and antispam operations