• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Getting flooded with 1e100.net Google UDP Portscan

IDS/IPS
2
2
1.2k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    rcmpayne
    last edited by Jan 25, 2017, 2:29 AM

    I keep getting the flooded with google 1e100.net items blocked. Is it ok to suppress UDP Portscan for 122, sig_id 17 on everything or just google or should i have these blocked?

    #(portscan) UDP Portscan
    suppress gen_id 122, sig_id 17, track by_src, ip 216.58.196.209

    #(portscan) UDP Portscan
    suppress gen_id 122, sig_id 17, track by_src, ip 216.58.196.49

    #(portscan) UDP Portscan
    suppress gen_id 122, sig_id 17, track by_src, ip 216.58.209.240

    #(portscan) UDP Portscan
    suppress gen_id 122, sig_id 17, track by_src, ip 216.58.196.208

    1 Reply Last reply Reply Quote 0
    • C
      coffeecup25
      last edited by Jan 26, 2017, 7:44 PM

      if they're blocks to normal google searches, let them pass. same with akamai blocks.

      1 Reply Last reply Reply Quote 0
      1 out of 2
      • First post
        1/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.