Getting flooded with 1e100.net Google UDP Portscan

IDS/IPS
Log in to reply
  • R

    I keep getting the flooded with google 1e100.net items blocked. Is it ok to suppress UDP Portscan for 122, sig_id 17 on everything or just google or should i have these blocked?

    #(portscan) UDP Portscan
    suppress gen_id 122, sig_id 17, track by_src, ip 216.58.196.209

    #(portscan) UDP Portscan
    suppress gen_id 122, sig_id 17, track by_src, ip 216.58.196.49

    #(portscan) UDP Portscan
    suppress gen_id 122, sig_id 17, track by_src, ip 216.58.209.240

    #(portscan) UDP Portscan
    suppress gen_id 122, sig_id 17, track by_src, ip 216.58.196.208

    0
  • C

    if they're blocks to normal google searches, let them pass. same with akamai blocks.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy