All,
Consider the following:
- a virus, a malicious person, or by accident, a source address is set to 8.8.8.8
- you run a port scan to your job, a test IP, etc.
- they have intrusion detection
- they use Google DNS
It seems a DDoS attack could be very easily launched. Perhaps those folks could still consider making an ipset of allowed outbound IP addresses.
Also be careful how you block your own rules; an attacker spoofing the IP of common addresses could cause a DoS. If you were attempting to connect to your IP, a man-in-the-middle attack (or someone who otherwise learns the destination IP and port) would make it seem as if you were always blocked (but your firewall hits are greater than you expect). It's probably common that if you change the port, your corporate network team at work begins to see low-bandwidth encrypted links on an unknown port.
73,
-Lynwood KB3VWG
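As an added illustration of the allowlist idea in the post above (example code, not from the post or its author): a small Python auto-block helper that tallies the ports each source has probed in constructed firewall log lines and refuses to add any source in a protected set to the block list, so a spoofed 8.8.8.8 is reported rather than blocked. The log lines, the 192.0.2.0/24 "own range" and the gateway address are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample firewall/IDS log lines (not from the original post).
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: SCAN SRC=8.8.8.8 DST=192.0.2.10 DPT=22
Jan 10 12:00:01 fw kernel: SCAN SRC=8.8.8.8 DST=192.0.2.10 DPT=23
Jan 10 12:00:02 fw kernel: SCAN SRC=8.8.8.8 DST=192.0.2.10 DPT=80
Jan 10 12:00:05 fw kernel: SCAN SRC=198.51.100.7 DST=192.0.2.10 DPT=22
Jan 10 12:00:05 fw kernel: SCAN SRC=198.51.100.7 DST=192.0.2.10 DPT=23
Jan 10 12:00:06 fw kernel: SCAN SRC=198.51.100.7 DST=192.0.2.10 DPT=443
Jan 10 12:00:09 fw kernel: SCAN SRC=203.0.113.9 DST=192.0.2.10 DPT=22
"""

# Addresses the auto-blocker must never add to the block set, whatever the
# logs say: resolvers we depend on, our own ranges, the upstream gateway.
# (Everything except the Google DNS addresses is a constructed placeholder.)
PROTECTED = [ipaddress.ip_network(n) for n in (
    "8.8.8.8/32", "8.8.4.4/32",   # Google DNS, as mentioned in the post
    "192.0.2.0/24",               # our own public range (placeholder)
    "198.51.100.1/32",            # upstream gateway (placeholder)
)]

THRESHOLD = 3  # distinct destination ports from one source before blocking
LINE_RE = re.compile(r"SRC=(?P<src>\S+) .*DPT=(?P<dpt>\d+)")

def is_protected(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PROTECTED)

def decide_blocks(log_text, threshold=THRESHOLD):
    """Return (to_block, skipped): sources over the scan threshold, split into
    blockable ones and protected ones (a spoofed 8.8.8.8 lands in skipped)."""
    ports_by_src = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ports_by_src.setdefault(m["src"], set()).add(int(m["dpt"]))
    to_block, skipped = [], []
    for src, ports in sorted(ports_by_src.items()):
        if len(ports) < threshold:
            continue
        (skipped if is_protected(src) else to_block).append(src)
    return to_block, skipped

def ipset_commands(to_block, setname="scanners"):
    # Build (not execute) the ipset lines an operator would apply; the
    # protected list has already been enforced in decide_blocks().
    return [f"ipset add {setname} {src} timeout 3600" for src in to_block]
```

Sources in `skipped` deserve an alert rather than a rule, since a scan that appears to come from your own resolver is itself a sign of spoofing.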