[17511] in North American Network Operators' Group


Re: Attack/DoS

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Jun 3 23:53:55 1998

To: "Todd R. Stroup" <tstroup@fnsi.net>
cc: nanog@merit.edu, bugtraq@netspace.org, sysadmin@MFN.ORG
In-reply-to: Your message of "Wed, 03 Jun 1998 17:52:52 EDT."
             <Pine.SGI.3.91.980603174647.5089x-100000@optical> 
Reply-To: perry@piermont.com
Date: Wed, 03 Jun 1998 23:38:24 -0400
From: "Perry E. Metzger" <perry@piermont.com>


"Todd R. Stroup" writes:
> Don't know if it is just me.  But over the last 10 hours we have been
> seeing attacks on port 0 from port 0 (both tcp and udp) on several clients'
> networks.  I have also seen the same attack on port udp 53 (DNS).
> 
> Anyone have any information on this?  

What do you mean by an "attack"? Are you being flooded? Are the
packets somehow "interesting"? Without details the information is
useless.

Port 0, btw, is not generally valid, and most proper TCP and UDP
implementations will just send an ICMP Unreachable back when they get
such a packet.

Perry
