[195778] in North American Network Operators' Group

Re: Protocol 17 floods from Vietnam & Mexico?

daemon@ATHENA.MIT.EDU (Mark Andrews)
Fri Sep 15 06:52:43 2017

X-Original-To: nanog@nanog.org
To: Large Hadron Collider <large.hadron.collider@gmx.com>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Tue, 12 Sep 2017 19:20:13 -0700."
 <08ed2903-c81c-aa2e-cd04-4fa117840d14@gmx.com>
Date: Wed, 13 Sep 2017 12:44:54 +1000
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org


In message <08ed2903-c81c-aa2e-cd04-4fa117840d14@gmx.com>, Large Hadron Collider writes:
> Yes, I'm being UDP flooded. I worked that out by grepping /etc/protocols.
> 
> 
> On 12/09/2017 18:24, Matt Harris wrote:
> > Protocol 17 is UDP.  UDP is pretty common on the internet. Not sure 
> > why source and destination ports aren't being shown by your tool 
> > there, might be malformed UDP packets designed to obscure themselves 
> > from or otherwise evade some intrusion detection or firewall systems.

No ports are listed because they are not the initial fragment of
the UDP packet.  Only the initial fragment that contains the UDP
header has the ports reported.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
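
The point made in the reply above, as an added example that is not part of the original message: a Python sketch that reads IPv4 headers the way a flow tool would and returns UDP ports only for the fragment at offset 0. The packets, the addresses (documentation ranges) and the ports 40000/50000 are constructed for illustration, and build_ipv4 and flow_fields are hypothetical helper names.

```python
import struct

def build_ipv4(proto, offset_units, more_fragments, payload,
               src="192.0.2.1", dst="198.51.100.7", ident=0x1234):
    """Build a constructed IPv4 packet (checksum left at 0, illustration only)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_frag, 64, proto, 0,
                         bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
    return header + payload

def flow_fields(packet):
    """Return the fields a flow tool can report for one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    info = {"proto": packet[9],
            "frag_offset": (flags_frag & 0x1FFF) * 8,   # offset field is in 8-byte units
            "more_fragments": bool(flags_frag & 0x2000),
            "sport": None, "dport": None}
    # Only the fragment at offset 0 carries the UDP header, so only it has ports.
    if info["proto"] == 17 and info["frag_offset"] == 0 and len(packet) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack_from("!HH", packet, ihl)
    return info

# Constructed sample: one 3000-byte UDP datagram split into three fragments
# of 1480, 1480 and 40 bytes of IP payload.
_data = b"A" * 2992
_udp = struct.pack("!HHHH", 40000, 50000, 8 + len(_data), 0) + _data
FIRST = build_ipv4(17, 0, True, _udp[:1480])
SECOND = build_ipv4(17, 1480 // 8, True, _udp[1480:2960])
LAST = build_ipv4(17, 2960 // 8, False, _udp[2960:])

if __name__ == "__main__":
    for name, pkt in (("first", FIRST), ("second", SECOND), ("last", LAST)):
        print(name, flow_fields(pkt))
```

In the output, all three packets show protocol 17, but only the first one shows ports; the second and last begin with datagram payload where the UDP header would otherwise be.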
