|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Help with identifying a kind of attack.
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Could be other protocols such as IPX, SPX, NetBEUI and AppleTalk. Henry R. Linneweh - -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.0.2 iQA/AwUBNm3+seBkoZ0XTT12EQLDpQCg8YS/niBpz/0rW19iMMvKpKVUJC8AoIdL 0kLjVqfbSSxRLeNy2j4qubXY =FmgT - -----END PGP SIGNATURE----- "Adam D. McKenna" wrote: > tcp and udp are transport layer protocols. If someone is sending raw IP > packets that aren't using a particular transport protocol, maybe they could > get through (?) > > --Adam > > -----Original Message----- > From: Thom Youngblood <[email protected]> > To: North America Network Operators Group <[email protected]> > Date: Tuesday, December 08, 1998 5:55 PM > Subject: Help with identifying a kind of attack. > > :-----BEGIN PGP SIGNED MESSAGE----- > :Hash: SHA1 > : > : > :I've been tracking an attack all day long, and have been frustrated > :trying to figure out both what was being attacked, and how. Finally, > :I realized it was *not* ICMP, UDP, or TCP. > : > :#sh access-lists 151 > :Extended IP access list 151 > : permit icmp any 20.0.0.0 0.255.255.255 (1023 matches) > : permit udp any 20.0.0.0 0.255.255.255 (4347 matches) > : permit tcp any 20.0.0.0 0.255.255.255 (86444 matches) > : deny ip any 20.0.0.0 0.255.255.255 (5547308 matches) > : permit ip any any (4450563 matches) > : > : > :In the above, notice the disparity? So, my question is... > : > :What the hell kind of packet is it if it's not ICMP, UDP, or TCP? > : > : > :-----BEGIN PGP SIGNATURE----- > :Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com> > : > :iQA/AwUBNm2jB2fkezbzToVaEQIQQQCgllupf+cmax8w5n/RgYhlATz+BuQAn38r > :Di2Ec9bI2Prrahm9yKp5rohS > :=/qOm > :-----END PGP SIGNATURE----- > : > :
|