Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Help with identifying a kind of attack.

  • From: Daniel Senie
  • Date: Wed Dec 09 22:44:45 1998

Depending on how your upstream is set up, it could be OSPF, for example.
To see a what it is you're capturing, set up logging to a syslog host,
and add "log" to the end of the drop line

	deny   ip any 20.0.0.0 0.255.255.255 log

and you'll see the protocol number reported in the logging output. To
see a list of the port numbers, you can look at any IANA mirror. The
document you want is located at
http://www.amaranthnetworks.com/ietf/iana/assignments/protocol-numbers
on my mirror.

There are presently assignments from zero to 119. There are lots of
possibilities. OSPF is one that sometimes wanders over lines from
upstream providers to downstream sites, for example.

Dan

-- 
-----------------------------------------------------------------
Daniel Senie                                        dts@senie.com
Amaranth Networks Inc.            http://www.amaranthnetworks.com




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.