For several hours now, amprgw has been seeing a storm of traceroutes from hundreds of different source addresses. It looks like a botnet has been activated to probe net 44 using short-TTL packets like traceroute.
In reaction to this, I've temporarily set the gateway to discard any packet with a TTL of less than 30. (The TTL is decremented by one when the packet is forwarded; normally, of course, only packets with a TTL value of zero are discarded.)
Interesting... is it real traceroute traffic (to UDP port 33434 and higher) or is it different?
I have had this rule (with TTL limit 16 and only for UDP 33434-33499) on our gateway for quite some time and I do not see many hits on it.
Maybe the traffic is different. I do not observe increased input traffic.
Rob
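The question raised in the reply, whether the low-TTL packets are classic UDP traceroute or something else, can be answered by bucketing packets by arrival TTL and destination port. The following is an added example, not code from either poster; the record layout, the addresses and the function names are constructed for illustration, and the two thresholds (30 and 16) and the UDP range 33434-33499 are the ones mentioned in the thread.

```python
import csv
import io
from collections import Counter

# Constructed sample records: src,dst,proto,dport,ttl (TTL as seen on arrival).
# These are illustrative values, not captured traffic.
SAMPLE = """\
192.0.2.10,44.0.0.1,udp,33434,1
192.0.2.10,44.0.0.1,udp,33435,2
198.51.100.7,44.0.0.9,icmp,,3
198.51.100.8,44.0.0.9,tcp,80,4
203.0.113.5,44.0.0.2,udp,53,57
203.0.113.6,44.0.0.3,tcp,443,118
192.0.2.44,44.0.0.4,udp,33440,20
"""

TRACEROUTE_PORTS = range(33434, 33500)  # UDP 33434-33499, as in the reply


def classify(record, ttl_limit):
    """Return 'pass', 'udp-traceroute' or 'other-low-ttl' for one record."""
    _src, _dst, proto, dport, ttl = record
    if int(ttl) >= ttl_limit:
        return "pass"  # would not be touched by a TTL < ttl_limit rule
    if proto == "udp" and dport and int(dport) in TRACEROUTE_PORTS:
        return "udp-traceroute"  # what a port-restricted rule would count
    return "other-low-ttl"  # ICMP/TCP/other UDP probes with short TTL


def summarize(text, ttl_limit):
    """Count verdicts and the number of distinct sources sending low-TTL packets."""
    verdicts, sources = Counter(), set()
    for record in csv.reader(io.StringIO(text)):
        if not record:
            continue
        verdict = classify(record, ttl_limit)
        verdicts[verdict] += 1
        if verdict != "pass":
            sources.add(record[0])
    return verdicts, len(sources)


if __name__ == "__main__":
    for limit in (30, 16):
        verdicts, nsrc = summarize(SAMPLE, limit)
        print(f"ttl<{limit}: {dict(verdicts)} from {nsrc} sources")
```

A large `other-low-ttl` count next to a small `udp-traceroute` count would explain why a rule restricted to UDP 33434-33499 sees few hits while a blanket TTL rule sees many.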