[22111] in North American Network Operators' Group


Help with identifying a kind of attack.

daemon@ATHENA.MIT.EDU (Thom Youngblood)
Tue Dec 8 17:56:51 1998

Reply-To: <thom@cais.net>
From: "Thom Youngblood" <thom@cais.net>
To: "North America Network Operators Group" <nanog@merit.edu>
Date: Tue, 8 Dec 1998 17:07:57 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I've been tracking an attack all day long, and have been frustrated
trying to figure out both what was being attacked, and how.  Finally,
I realized it was *not* ICMP, UDP, or TCP.

#sh access-lists 151
Extended IP access list 151
    permit icmp any 20.0.0.0 0.255.255.255 (1023 matches)
    permit udp any 20.0.0.0 0.255.255.255 (4347 matches)
    permit tcp any 20.0.0.0 0.255.255.255 (86444 matches)
    deny   ip any 20.0.0.0 0.255.255.255 (5547308 matches)
    permit ip any any (4450563 matches)


In the above, notice the disparity?  So, my question is...

What the hell kind of packet is it if it's not ICMP, UDP, or TCP?


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com>

iQA/AwUBNm2jB2fkezbzToVaEQIQQQCgllupf+cmax8w5n/RgYhlATz+BuQAn38r
Di2Ec9bI2Prrahm9yKp5rohS
=/qOm
-----END PGP SIGNATURE-----
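
An added example, not part of the original post: a short Python parser that turns the `sh access-lists` counters quoted in the message into a per-protocol breakdown for one destination. It relies on first-match ACL evaluation, so the `ip` entry counts only packets that the earlier icmp/udp/tcp entries did not match; the function names and labels are this example's own.

```python
import re

# Counter output copied from the message above.
ACL_OUTPUT = """\
Extended IP access list 151
    permit icmp any 20.0.0.0 0.255.255.255 (1023 matches)
    permit udp any 20.0.0.0 0.255.255.255 (4347 matches)
    permit tcp any 20.0.0.0 0.255.255.255 (86444 matches)
    deny   ip any 20.0.0.0 0.255.255.255 (5547308 matches)
    permit ip any any (4450563 matches)
"""

# action, protocol, source/destination spec, optional hit counter
ENTRY = re.compile(
    r"^\s*(permit|deny)\s+(\S+)\s+(.+?)(?:\s+\((\d+) match(?:es)?\))?\s*$"
)

def parse_acl(text):
    """Return one dict per ACL entry; entries without a counter get 0 hits."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            action, proto, spec, hits = m.groups()
            entries.append({"action": action, "proto": proto,
                            "spec": spec, "hits": int(hits or 0)})
    return entries

def breakdown(entries, spec):
    """Map label -> (hits, share) for all entries with the same src/dst spec.

    ACLs are evaluated top-down and stop at the first match, so an 'ip'
    entry that follows protocol-specific entries holds only the remainder.
    """
    rows = [e for e in entries if e["spec"] == spec]
    total = sum(e["hits"] for e in rows)
    result, seen = {}, []
    for e in rows:
        if e["proto"] == "ip" and seen:
            label = "other than " + "/".join(seen)
        else:
            label = e["proto"]
            seen.append(e["proto"])
        result[label] = (e["hits"], e["hits"] / total if total else 0.0)
    return result

if __name__ == "__main__":
    stats = breakdown(parse_acl(ACL_OUTPUT), "any 20.0.0.0 0.255.255.255")
    for label, (hits, share) in stats.items():
        print(f"{label:28} {hits:>9} {share:7.2%}")
```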

