Getting flooded with 1e100.net Google UDP Portscan


  • I keep getting flooded with Google 1e100.net items blocked. Is it OK to suppress UDP Portscan for 122, sig_id 17 on everything or just Google, or should I have these blocked?

    #(portscan) UDP Portscan
    suppress gen_id 122, sig_id 17, track by_src, ip 216.58.196.209

    #(portscan) UDP Portscan
    suppress gen_id 122, sig_id 17, track by_src, ip 216.58.196.49

    #(portscan) UDP Portscan
    suppress gen_id 122, sig_id 17, track by_src, ip 216.58.209.240

    #(portscan) UDP Portscan
    suppress gen_id 122, sig_id 17, track by_src, ip 216.58.196.208


  • If they're blocks to normal Google searches, let them pass. Same with Akamai blocks.
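
Added example, not part of the original thread: a scoped alternative to suppressing 122:17 for every source. It tallies UDP Portscan alerts per source and emits `suppress` lines only for sources inside ranges the operator has already verified, leaving everything else for review. The log lines, the `TRUSTED_NETS` range and the function names are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in Snort "fast" alert format (not from the thread).
SAMPLE_ALERTS = """\
08/28-10:01:02.000001  [**] [122:17:1] (portscan) UDP Portscan [**] [Priority: 3] {PROTO:255} 216.58.196.209 -> 192.168.1.10
08/28-10:01:09.000001  [**] [122:17:1] (portscan) UDP Portscan [**] [Priority: 3] {PROTO:255} 216.58.196.209 -> 192.168.1.10
08/28-10:02:11.000001  [**] [122:17:1] (portscan) UDP Portscan [**] [Priority: 3] {PROTO:255} 216.58.196.208 -> 192.168.1.10
08/28-10:03:30.000001  [**] [122:17:1] (portscan) UDP Portscan [**] [Priority: 3] {PROTO:255} 216.58.196.49 -> 192.168.1.10
08/28-10:04:45.000001  [**] [122:17:1] (portscan) UDP Portscan [**] [Priority: 3] {PROTO:255} 216.58.209.240 -> 192.168.1.10
08/28-10:05:00.000001  [**] [122:17:1] (portscan) UDP Portscan [**] [Priority: 3] {PROTO:255} 203.0.113.7 -> 192.168.1.10
08/28-10:06:00.000001  [**] [1:1000001:1] Constructed other rule [**] [Priority: 2] {UDP} 216.58.196.49:443 -> 192.168.1.10:50000
"""

# Assumption: ranges you have verified yourself (e.g. reverse DNS ending in 1e100.net).
TRUSTED_NETS = [ipaddress.ip_network("216.58.192.0/19")]

# Captures gen_id, sig_id and the source IP (with or without a :port suffix).
ALERT_RE = re.compile(r"\[(\d+):(\d+):\d+\].*?\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")

def portscan_sources(log_text, gen_id=122, sig_id=17):
    """Count alerts per source IP for one gen_id:sig_id pair."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if m and (int(m.group(1)), int(m.group(2))) == (gen_id, sig_id):
            counts[ipaddress.ip_address(m.group(3))] += 1
    return counts

def build_suppress(counts, trusted=TRUSTED_NETS, gen_id=122, sig_id=17):
    """Return (suppress lines for trusted sources, untrusted sources to review)."""
    ok = [ip for ip in counts if any(ip in net for net in trusted)]
    review = sorted(ip for ip in counts if ip not in ok)
    # Merge only exactly adjacent addresses; never widen past what was observed.
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(str(ip)) for ip in ok)
    lines = []
    for n in nets:
        target = str(n.network_address) if n.prefixlen == 32 else str(n)
        lines.append(f"suppress gen_id {gen_id}, sig_id {sig_id}, track by_src, ip {target}")
    return lines, review

if __name__ == "__main__":
    lines, review = build_suppress(portscan_sources(SAMPLE_ALERTS))
    print("\n".join(lines))
    print("# still alerting, review manually:", ", ".join(map(str, review)))
```
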