LinuxSecurity: "The first method of stopping a DoS attack is simply to drop all traffic related to the target hosts. This is a good tactic for a
nonessential protocol, like ICMP (Internet Control Message Protocol), but dropping TCP or UDP (User Datagram Protocol) can
impact legitimate traffic, such as HTTP or DNS. However, denying all traffic does keep the attack traffic from impacting the
target; thus, in some cases (like a SYN flood), this is better than nothing."
December 10, 2001