Security Incidents mailing list archives
unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr[
From: "Melt Man" <ran_mobby () rediffmail com>
Date: 18 Oct 2002 13:31:15 -0000
Dear sir. I'm facing this packets continuously on my server.Can someone please explain me what these packets r and for what they r used?
is this possibly a DDOS attack?? the sample tcpdump output is:20:32:22.658735 200.213.38.137.1812 > XX.XX.XX.XX.1812: rad-#0 41 [id 0] Attr[ Term_action Term_action Term_action Term_ac tion Term_action Term_action Term_action Term_action Term_action Term_action Term_action
second time tcpdump20:39:57.168735 202.30.10.188.1812 > XX.XX.XX.XX.1812: rad-#0 41 [id 0] Attr[ Term_action
This Line Term_action goes on till infinity (or may b till run out of buffers)
Means these packets are coming from a different different Ip addresses ...
I'm not running anything on 1812 port (neither udp or tcp) Does above packet mean another protocol than udp/tcp ?? can someone please explain me the above problem ... i'm getting worried about the traffic coming to my servers .... Thanking you, Mobby ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr[ Melt Man (Oct 18)
- Re: unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr[ James Sneeringer (Oct 20)
- Re: unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr[ Ryan Yagatich (Oct 20)
- Re: unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr[ James Williams (Oct 22)
- <Possible follow-ups>
- RE: unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr[ James Williams (Oct 24)