North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Help with identifying a kind of attack.
- From: David O'Leary
- Date: Tue Dec 08 19:01:07 1998
At 05:07 PM 12/8/98 -0500, Thom Youngblood wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>I've been tracking an attack all day long, and have been frustrated
>trying to figure out both what was being attacked, and how. Finally,
>I realized it was *not* ICMP, UDP, or TCP.
>#sh access-lists 151
>Extended IP access list 151
> permit icmp any 184.108.40.206 0.255.255.255 (1023 matches)
> permit udp any 220.127.116.11 0.255.255.255 (4347 matches)
> permit tcp any 18.104.22.168 0.255.255.255 (86444 matches)
> deny ip any 22.214.171.124 0.255.255.255 (5547308 matches)
> permit ip any any (4450563 matches)
>In the above, notice the disparity? So, my question is...
>What the hell kind of packet is it if it's not ICMP, UDP, or TCP?
>-----BEGIN PGP SIGNATURE-----
>Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com>
>-----END PGP SIGNATURE-----