North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Help with identifying a kind of attack.

  • From: Adam D. McKenna
  • Date: Tue Dec 08 22:52:10 1998

tcp and udp are transport layer protocols.  If someone is sending raw IP
packets that aren't using a particular transport protocol, maybe they could
get through (?)

--Adam

-----Original Message-----
From: Thom Youngblood <[email protected]>
To: North America Network Operators Group <[email protected]>
Date: Tuesday, December 08, 1998 5:55 PM
Subject: Help with identifying a kind of attack.


:-----BEGIN PGP SIGNED MESSAGE-----
:Hash: SHA1
:
:
:I've been tracking an attack all day long, and have been frustrated
:trying to figure out both what was being attacked, and how.  Finally,
:I realized it was *not* ICMP, UDP, or TCP.
:
:#sh access-lists 151
:Extended IP access list 151
:    permit icmp any 20.0.0.0 0.255.255.255 (1023 matches)
:    permit udp any 20.0.0.0 0.255.255.255 (4347 matches)
:    permit tcp any 20.0.0.0 0.255.255.255 (86444 matches)
:    deny   ip any 20.0.0.0 0.255.255.255 (5547308 matches)
:    permit ip any any (4450563 matches)
:
:
:In the above, notice the disparity?  So, my question is...
:
:What the hell kind of packet is it if it's not ICMP, UDP, or TCP?
:
:
:-----BEGIN PGP SIGNATURE-----
:Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com>
:
:iQA/AwUBNm2jB2fkezbzToVaEQIQQQCgllupf+cmax8w5n/RgYhlATz+BuQAn38r
:Di2Ec9bI2Prrahm9yKp5rohS
:=/qOm
:-----END PGP SIGNATURE-----
:
: