|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: 80/udp floods?
Wayne E. Bouchard [2/19/2004 6:16 AM] : May I suggest extending your ACLs to filter 0/0?Easy enough to fend off except for the TCP 80 bit. For most of these attacks, I've taken to just filtering the entire LACNIC and APNIC address delegations at the host level for the durration of the incident since, in the general case, my customers (the ones that suffer these incidents) do little if any business in that region. I have seen quite a lot of this from ARIN (mostly cablemodem land, 24/8) as well as RIPE space (again cablemodem land -> trojaned zombies?) srs -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
|