[20071] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Milk attack

daemon@ATHENA.MIT.EDU (Steve Nash)
Fri Oct 2 00:24:46 1998

Date: Thu, 01 Oct 1998 17:26:57 -0400
From: Steve Nash <snash@lightning.net>
To: nanog@merit.edu

Im curious if anyone knows of the "milk" attack.  Our network was just
slammed by such
an attack for about an hour all aimed at one of our core routers.  A "sh
ip cache x.x.x.x x.x.x.x fl"
on it showed this:

SrcIf    SrcIPaddress  DstIf  DstIPaddress    Pr SrcP DstP Pkts B/Pk
Active
Fa0/0    208.10.5.2      Local    X.X.X.X           11 0498 0017
164K1028  985.3

except from 10 to 15 hosts all nailing us at the same time.  The
protocol as you see is "11" which
I have been unable to find information about.  There was no way to
filter it and access-lists denying
protocol "11" showed 0 matches.  Anyone have any ideas?

--
      \\|//
     -(@ @)-
==oOO==(_)==OOo=========================================================
Steven Nash
snash@lightning.net
l i g h t n i n g  i n t e r n e t  s e r v i c e s  l l c
Chief Backbone Engineer -- Network Engineering
http://www.lightning.net


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[20071] in North American Network Operators' Group

Milk attack

daemon@ATHENA.MIT.EDU (Steve Nash)Fri Oct 2 00:24:46 1998

daemon@ATHENA.MIT.EDU (Steve Nash)
Fri Oct 2 00:24:46 1998