North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Help with identifying a kind of attack.
- From: Adam D. McKenna
- Date: Tue Dec 08 22:52:10 1998
tcp and udp are transport layer protocols. If someone is sending raw IP
packets that aren't using a particular transport protocol, maybe they could
get through (?)
From: Thom Youngblood <firstname.lastname@example.org>
To: North America Network Operators Group <email@example.com>
Date: Tuesday, December 08, 1998 5:55 PM
Subject: Help with identifying a kind of attack.
:-----BEGIN PGP SIGNED MESSAGE-----
:I've been tracking an attack all day long, and have been frustrated
:trying to figure out both what was being attacked, and how. Finally,
:I realized it was *not* ICMP, UDP, or TCP.
:#sh access-lists 151
:Extended IP access list 151
: permit icmp any 188.8.131.52 0.255.255.255 (1023 matches)
: permit udp any 184.108.40.206 0.255.255.255 (4347 matches)
: permit tcp any 220.127.116.11 0.255.255.255 (86444 matches)
: deny ip any 18.104.22.168 0.255.255.255 (5547308 matches)
: permit ip any any (4450563 matches)
:In the above, notice the disparity? So, my question is...
:What the hell kind of packet is it if it's not ICMP, UDP, or TCP?
:-----BEGIN PGP SIGNATURE-----
:Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com>
:-----END PGP SIGNATURE-----