North American Network Operators Group


Re: Milk attack

  • From: Jongwon Kim
  • Date: Fri Oct 02 03:59:16 1998

Hi! Mr. Nash.
As you wrote, 11 is the UDP protocol, the src port is 0x0498 (=1176) and the dest port is 0x17 (=23).
If you want to filter it, on your border router:
access-list 106 deny udp host 208.10.5.2 host dest.IP log-input
! permit the rest; an access list ends with an implicit deny
access-list 106 permit ip any any
and then, at your serial port:
ip access-group 106 in

That's all.

Regards,

On Thu, 1 Oct 1998, Steve Nash wrote:

> I'm curious if anyone knows of the "milk" attack.  Our network was just
> slammed by such an attack for about an hour all aimed at one of our core
> routers.  A "sh ip cache x.x.x.x x.x.x.x fl" on it showed this:
> 
> SrcIf    SrcIPaddress  DstIf  DstIPaddress    Pr SrcP DstP Pkts B/Pk Active
> Fa0/0    208.10.5.2      Local    X.X.X.X           11 0498 0017 164K1028  985.3
> 
> except from 10 to 15 hosts all nailing us at the same time.  The protocol
> as you see is "11" which I have been unable to find information about.
> There was no way to filter it and access-lists denying protocol "11"
> showed 0 matches.  Anyone have any ideas?
> 
> --
>       \\|//
>      -(@ @)-
> ==oOO==(_)==OOo=========================================================
> Steven Nash
> [email protected]
> l i g h t n i n g  i n t e r n e t  s e r v i c e s  l l c
> Chief Backbone Engineer -- Network Engineering
> http://www.lightning.net
> 
> 
> 


 -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
       KORNET Network Assistance Manager(Centural O&M Center)
         - Voice : 82-2-766-5902  -Fax : 82-2-766-5901
                   -E-Mail : [email protected]
 ====================================================================
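
Added example (not part of the original thread): a short Python parser for the flow-cache output quoted above. It converts the hex Pr, SrcP and DstP columns to the decimal values an access list expects and totals packets per source. Every sample row after the first is constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Decimal IANA protocol numbers; the flow cache prints them in hex (0x11 == 17).
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 47: "gre"}

# SrcIf SrcIP DstIf DstIP Pr SrcP DstP Pkts ... (Pr, SrcP and DstP are hex)
FLOW_RE = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+"
    r"([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{4})\s+(\d+)([KM]?)"
)

# Constructed sample: the first row is the one quoted in the thread, the rest
# are made-up rows using documentation address ranges.
SAMPLE = """\
SrcIf    SrcIPaddress  DstIf  DstIPaddress    Pr SrcP DstP Pkts B/Pk Active
Fa0/0    208.10.5.2      Local    X.X.X.X           11 0498 0017 164K1028  985.3
Fa0/0    192.0.2.10      Local    X.X.X.X           11 04A1 0017  98K1028  985.1
Fa0/0    192.0.2.10      Local    X.X.X.X           11 04A2 0017  12K1028  400.0
Fa0/0    198.51.100.7    Se1/0    203.0.113.9       06 C350 0050   42  512   3.2
"""

def decode_flows(output):
    """Parse flow rows, converting the hex fields to the decimal values ACLs use."""
    flows = []
    for line in output.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # header, wrapped continuation, or blank line
        src_if, src, dst_if, dst, pr, sp, dp, count, suffix = m.groups()
        proto = int(pr, 16)
        flows.append({
            "src": src, "dst": dst, "proto": proto,
            "proto_name": PROTO_NAMES.get(proto, str(proto)),
            "src_port": int(sp, 16), "dst_port": int(dp, 16),
            "pkts": int(count) * {"": 1, "K": 1000, "M": 1000000}[suffix],
        })
    return flows

def packets_by_source(flows, proto, dst_port):
    """Total packets per source for one protocol/destination-port pair."""
    totals = Counter()
    for f in flows:
        if f["proto"] == proto and f["dst_port"] == dst_port:
            totals[f["src"]] += f["pkts"]
    return totals.most_common()

if __name__ == "__main__":
    for src, pkts in packets_by_source(decode_flows(SAMPLE), 17, 23):
        print(f"{src:15} udp/23 {pkts} packets")
```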