Security Incidents mailing list archives
Re: Port 8 and Ping
From: Robert van der Meulen <rvdm () CISTRON NL>
Date: Thu, 28 Dec 2000 04:33:30 +0100
Quoting Prashanth Ram (pram () CORPORATEGRAPHICS COM):
the frequency of the scans I am sure that it was a coordinated attack. It also seems that all I get is 1 or 2 hits from an IP address. When I did a lookup on these IP addresses, most of them belonged to modems and DSL lines, so
<snip>

Port 8 is 'exterior gateway protocol', used for router-advertisement and policy-based routing. As far as I know, it's the predecessor of BGP.

It looks like you've been DDoS-ed, or those packets were spoofed. Try doing an upness-check on a (semi/large) amount of the hosts you were scanned from, especially the modem ones, but do it directly after the attack. If you find a reasonable amount of hosts that are down, chances are those packets have been spoofed. If not, try checking the services on your attacking hosts, and check for 'well known DDoS agents'. If there are any, contact the ISPs on whose customers the DDoS clients were running, and try to get them to take action ;)

This will be A Lot Of Work, probably, and the ISPs probably won't/can't do a lot. Also keep in mind that some of the stuff I said you _could_ do might be illegal in some countries!

Greets,
Robert

--
Don't panic.