We are seeing a rather large tcp port 80 flood towards a customer. They are hitting the whole block on 63.150.4.0/24. We are rate limiting syns which seems to be helping but would like assistance in identifying the c&c and getting bots cleaned up. TIA Sharing: Author's permission required. Donald.Smith at qwest.com gcia