Value of These Defenses

First characterizations
Network anomaly on UDP port 1434
Make determination about next step
Filter or rate limit

Second characterization
Sources for this traffic
Isolate sources

Can do this without detailed worm analysis
Details take hours to get