North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Help with identifying a kind of attack.

  • From: Thom Youngblood
  • Date: Tue Dec 08 18:02:21 1998

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I've been tracking an attack all day long, and have been frustrated
trying to figure out both what was being attacked, and how.  Finally,
I realized it was *not* ICMP, UDP, or TCP.

#sh access-lists 151
Extended IP access list 151
    permit icmp any 20.0.0.0 0.255.255.255 (1023 matches)
    permit udp any 20.0.0.0 0.255.255.255 (4347 matches)
    permit tcp any 20.0.0.0 0.255.255.255 (86444 matches)
    deny   ip any 20.0.0.0 0.255.255.255 (5547308 matches)
    permit ip any any (4450563 matches)


In the above, notice the disparity?  So, my question is...

What the hell kind of packet is it if it's not ICMP, UDP, or TCP?


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com>

iQA/AwUBNm2jB2fkezbzToVaEQIQQQCgllupf+cmax8w5n/RgYhlATz+BuQAn38r
Di2Ec9bI2Prrahm9yKp5rohS
=/qOm
-----END PGP SIGNATURE-----