North American Network Operators Group


Re: Help with identifying a kind of attack.

  • From: David O'Leary
  • Date: Tue Dec 08 19:01:07 1998

maybe EGP?

:-/
						dave

At 05:07 PM 12/8/98 -0500, Thom Youngblood wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>I've been tracking an attack all day long, and have been frustrated
>trying to figure out both what was being attacked, and how.  Finally,
>I realized it was *not* ICMP, UDP, or TCP.
>
>#sh access-lists 151
>Extended IP access list 151
>    permit icmp any 20.0.0.0 0.255.255.255 (1023 matches)
>    permit udp any 20.0.0.0 0.255.255.255 (4347 matches)
>    permit tcp any 20.0.0.0 0.255.255.255 (86444 matches)
>    deny   ip any 20.0.0.0 0.255.255.255 (5547308 matches)
>    permit ip any any (4450563 matches)
>
>
>In the above, notice the disparity?  So, my question is...
>
>What the hell kind of packet is it if it's not ICMP, UDP, or TCP?
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com>
>
>iQA/AwUBNm2jB2fkezbzToVaEQIQQQCgllupf+cmax8w5n/RgYhlATz+BuQAn38r
>Di2Ec9bI2Prrahm9yKp5rohS
>=/qOm
>-----END PGP SIGNATURE-----
>
>
>
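Added example, not part of either poster's message: in ACL 151 the `deny ip` line only counts packets that the earlier `icmp`, `udp` and `tcp` entries did not match, so the way to name that traffic is to read the 8-bit protocol field at byte 9 of each IPv4 header. The sketch below tallies that field over captured headers. The function names and the sample headers are constructed for illustration.

```python
import socket
import struct
from collections import Counter

# Subset of IANA-assigned IP protocol numbers.
PROTO_NAMES = {1: "ICMP", 2: "IGMP", 4: "IP-in-IP", 6: "TCP",
               8: "EGP", 17: "UDP", 47: "GRE", 89: "OSPF"}
ACL_NAMED = {1, 6, 17}  # protocols ACL 151 matches by name before "deny ip"

def ip_protocol(packet: bytes) -> int:
    """Return the protocol field of an IPv4 header after basic validation."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    return packet[9]

def tally(packets):
    """Count packets per protocol number; unparsable ones go under 'malformed'."""
    counts = Counter()
    for pkt in packets:
        try:
            counts[ip_protocol(pkt)] += 1
        except ValueError:
            counts["malformed"] += 1
    return counts

def beyond_named_entries(counts):
    """Protocols that would fall through to the catch-all 'ip' ACL entry."""
    return {PROTO_NAMES.get(p, f"proto-{p}"): n for p, n in counts.items()
            if isinstance(p, int) and p not in ACL_NAMED}

def make_header(proto, src="192.0.2.1", dst="20.1.2.3"):
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

# Constructed sample capture: mostly protocol 8, a few named ones, one runt.
SAMPLE = ([make_header(8)] * 5 + [make_header(6)] * 2 + [make_header(1)]
          + [make_header(17)] + [make_header(253)] + [b"\x45\x00"])

if __name__ == "__main__":
    counts = tally(SAMPLE)
    for name, n in sorted(beyond_named_entries(counts).items()):
        print(f"{name}: {n} packets not covered by icmp/udp/tcp entries")
```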