Hey guys, we are looking into getting a new firewall and it needs to have the ability to block UDP floods and spoofed IPs rather well. Our budget is a max of $600, and any suggestions would be greatly appreciated.
Your budget kind of sucks for what you're trying to do, especially when one of your goals is to block what I assume are DDoS attacks...
I believe the Cisco ASA5500s can filter spoofed packets and you might be able to find one around your budget. I'm not sure of the UDP filtering capability or how many PPS it supports, which is really the important thing when it comes to DDoS attacks. Another option is to set up a NetBSD or FreeBSD box with pf and go from there... rather complicated option at that if you're not familiar with the software, but probably the best bang for your money in my opinion.
A firewall cannot detect spoofed IPs.
If you received packets from IPs 184.108.40.206 or 220.127.116.11, it would have no way to know whether they are spoofed or not.
It can only do some basic reverse-path filtering (and so does your kernel).
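To make the two points above concrete (a pf box filtering spoofed sources and UDP floods, and what reverse-path filtering can and cannot decide), here is an added example that is not from any poster in this thread. It assumes a made-up three-interface firewall (ext0 uplink, int0 and int1 internal) with a constructed routing table and a constructed packet stream; the function and variable names are my own, not pf or kernel APIs. It implements strict and loose unicast RPF the way pf's `urpf-failed` and Linux `rp_filter` do, plus a per-source packets-per-second limit for UDP.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed routing table for an assumed three-interface firewall:
# ext0 is the uplink, int0 and int1 are internal segments.
ROUTES = {
    "0.0.0.0/0": "ext0",
    "192.168.0.0/16": "int0",
    "10.0.0.0/8": "int1",
}
ROUTE_TABLE = sorted(
    ((ipaddress.ip_network(p), i) for p, i in ROUTES.items()),
    key=lambda t: t[0].prefixlen, reverse=True)  # longest prefix wins


def lookup(src):
    """Longest-prefix route lookup: returns (network, egress interface) or (None, None)."""
    ip = ipaddress.ip_address(src)
    for net, iface in ROUTE_TABLE:
        if ip in net:
            return net, iface
    return None, None


def urpf_ok(src, in_iface, mode="strict"):
    """Unicast reverse-path check.
    strict: the route back to src must leave via the interface the packet arrived on.
    loose: any route other than the default is enough (a router with a full table).
    Neither mode can tell a forged Internet source from a real one."""
    net, iface = lookup(src)
    if net is None:
        return False
    if mode == "loose":
        return net.prefixlen > 0
    return iface == in_iface


class PerSourceRate:
    """Sliding one-second window of packets per source address (same idea as
    pf's max-src-conn-rate, applied here to stateless UDP packets)."""

    def __init__(self, max_pps):
        self.max_pps = max_pps
        self.seen = defaultdict(deque)

    def allow(self, src, now):
        q = self.seen[src]
        while q and now - q[0] >= 1.0:   # expire timestamps older than the window
            q.popleft()
        if len(q) >= self.max_pps:
            return False
        q.append(now)
        return True


def filter_packet(pkt, limiter):
    """Return (verdict, reason) for a packet dict with keys src, iface, proto, t."""
    if not urpf_ok(pkt["src"], pkt["iface"], "strict"):
        return "drop", "urpf-failed"
    if pkt["proto"] == "udp" and not limiter.allow(pkt["src"], pkt["t"]):
        return "drop", "udp-rate"
    return "pass", "ok"


def run_demo():
    """Constructed packet stream: a spoofed LAN address arriving on the uplink,
    the same address on the correct interface, an Internet address leaking out of
    the LAN, an ordinary Internet host, and a 200 pps UDP flood from one source."""
    limiter = PerSourceRate(max_pps=100)
    packets = [
        {"src": "192.168.1.5", "iface": "ext0", "proto": "udp", "t": 0.0},   # spoofed
        {"src": "192.168.1.5", "iface": "int0", "proto": "udp", "t": 0.0},   # genuine
        {"src": "203.0.113.9", "iface": "int0", "proto": "tcp", "t": 0.0},   # spoofed egress
        {"src": "198.51.100.7", "iface": "ext0", "proto": "udp", "t": 0.0},  # looks fine
    ]
    packets += [{"src": "198.51.100.20", "iface": "ext0", "proto": "udp", "t": i / 200}
                for i in range(200)]  # 200 packets inside one second
    counts = defaultdict(int)
    for p in packets:
        counts[filter_packet(p, limiter)[1]] += 1
    return dict(counts)


if __name__ == "__main__":
    print(run_demo())
```

The real-world equivalents are pf's `antispoof for $int_if` and `block in quick from urpf-failed`, and on Linux `net.ipv4.conf.all.rp_filter=1`. The demo also shows the limit of the approach: the packet from 198.51.100.7 on ext0 passes, because the firewall has no way to know whether that source is forged. A flood that forges random routable sources passes uRPF and keeps every individual source under the per-source limit, so the only things that help there are filtering upstream at the ISP edge and the raw PPS capacity of the box, which is why the earlier reply called PPS the number that matters.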