I am no networking expert, so I wanted to reach out to get some insight on our firewall log. I took a look at it yesterday and noticed constant UDP traffic from all kinds of random IP address/port combinations. I know that a distributed denial-of-service attack is supposed to flood the firewall with UDP traffic, so I wonder if this is what is occurring. I have included the most recent table of data. The log continuously appears this way; this is just the most recent snapshot. We do host a web server behind our firewall, so our IP address is public. I think our firewall is stopping any malicious attacks, but I think this has to be somewhat affecting our network and bandwidth availability. I notice users experiencing times where the internet is extra slow, or they have to load a web page multiple times to get it to come up.
I have read that there is not much that can be done about this, but obviously there has to be something. I mean, what would a larger corporation do if they were being overwhelmed by something like this? Is there any way to report these IPs? I'm sure they are spoofed, though. I am just at a loss and want to make sure I do anything I can to help improve this situation. I have used xxx in the log to hide the real IP address of our server, but from the log you should be able to get the gist of the traffic flow. Thanks for any help you can provide.