UDP bombs are very easy to defend against at the network level.

  • You only have to stop one packet from entering your network in order to stop all that follow.
  • Use Access Control lists (ACLs) to block all incoming packets with destinations of the chargen or echo ports.
  • Packets that spoof your IP address can also be easily stopped; turn off these options on your hosts if they are not needed.