Re: Attack on UDP 101

[Shahab Vahabzadeh <sh.vahabzadeh () gmail com>]

Dear Stefan,
I have an 7206VXR Router with this design:

int gig 0/1: directly connected to 3750 switch (uplink to internet)
int gig 0/2: vlan termination from PSTN centers
int virtual-template1: xdsl users

Its about 4 days that I see near 300Mpbs outbound traffic in int gig0/1
that there is no such a traffic in none of routers interface, but the same
traffic is seen in 3750 peer interface.
I try to run monitor session on 3750 and monitor port traffic which I see
that packet is generating from a user and its in a loop between 3750 and
7206.
When I disconnect that user, I see that that packet is in loop again,
because of that I am sure its making a loop but I do not know the reseaon
is that packets or not.

Thanks


On Sat, Jul 21, 2012 at 11:02 PM, Stefan Fouant <
sfouant () shortestpathfirst net> wrote:

> Can you give us more  information? What do you mean it is causing Layer 3
> loops?
>
> Stefan Fouant
>
> Sent from my HTC on the Now Network from Sprint!
>
>
> ----- Reply message -----
> From: "Shahab Vahabzadeh" <sh.vahabzadeh () gmail com>
> Date: Sat, Jul 21, 2012 10:50 am
> Subject: Attack on UDP 101
> To: <nanog () nanog org>
>
> Hi there,
> Does any body know any report about attack on UDP Port 101 which make Layer
> 3 Loops?
> This is an example sniff:
>
> Source IP Address is : 76.164.199.86
> Source port: 62946  Destination port: 101
> 2012-07-21 11:11:09.646757
>
> Thanks
>
> --
> Regards,
> Shahab Vahabzadeh, Network Engineer and System Administrator
>
> Cell Phone: +1 (415) 871 0742
> PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90


-- 
Regards,
Shahab Vahabzadeh, Network Engineer and System Administrator

Cell Phone: +1 (415) 871 0742
PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90