Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Help with identifying a kind of attack.

  • From: David O'Leary
  • Date: Tue Dec 08 19:01:07 1998

maybe EGP?

:-/
						dave

At 05:07 PM 12/8/98 -0500, Thom Youngblood wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>I've been tracking an attack all day long, and have been frustrated
>trying to figure out both what was being attacked, and how.  Finally,
>I realized it was *not* ICMP, UDP, or TCP.
>
>#sh access-lists 151
>Extended IP access list 151
>    permit icmp any 20.0.0.0 0.255.255.255 (1023 matches)
>    permit udp any 20.0.0.0 0.255.255.255 (4347 matches)
>    permit tcp any 20.0.0.0 0.255.255.255 (86444 matches)
>    deny   ip any 20.0.0.0 0.255.255.255 (5547308 matches)
>    permit ip any any (4450563 matches)
>
>
>In the above, notice the disparity?  So, my question is...
>
>What the hell kind of packet is it if it's not ICMP, UDP, or TCP?
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com>
>
>iQA/AwUBNm2jB2fkezbzToVaEQIQQQCgllupf+cmax8w5n/RgYhlATz+BuQAn38r
>Di2Ec9bI2Prrahm9yKp5rohS
>=/qOm
>-----END PGP SIGNATURE-----
>
>
>




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.