nanog mailing list archives
Re: Attacking on Source Port 0 (ZERO)
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Sun, 14 Oct 2012 13:43:58 +0000
On Oct 14, 2012, at 4:48 PM, Shahab Vahabzadeh wrote:
Does any body know what kind of attack can be come to port 0?
If it's protocol 0, instead of port 0, it's likely a packet-flooding DDoS attack. If it's port 0, you may be incorrectly blocking non-initial fragments. Alternately, it could represent a fragmented DDoS attack, either non-initial fragments fired directly against something on your network or as the result of a DNS reflection/amplification attack against something on your network. The log fragment you posted doesn't provide enough detail to make an informed judgement. Also, you should not place servers behind a stateful firewall, anyways. ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
Current thread:
- Attacking on Source Port 0 (ZERO) Shahab Vahabzadeh (Oct 14)
- Re: Attacking on Source Port 0 (ZERO) Dobbins, Roland (Oct 14)
- Re: Attacking on Source Port 0 (ZERO) Shahab Vahabzadeh (Oct 14)
- Re: Attacking on Source Port 0 (ZERO) Nick Hilliard (Oct 14)
- Re: Attacking on Source Port 0 (ZERO) Dobbins, Roland (Oct 14)
- Re: Attacking on Source Port 0 (ZERO) Dobbins, Roland (Oct 14)
- Re: Attacking on Source Port 0 (ZERO) Ryan Malayter (Oct 15)
- Re: Attacking on Source Port 0 (ZERO) Dobbins, Roland (Oct 15)
- Re: Attacking on Source Port 0 (ZERO) Steven Noble (Oct 15)
- Re: Attacking on Source Port 0 (ZERO) Shahab Vahabzadeh (Oct 14)
- Re: Attacking on Source Port 0 (ZERO) Dobbins, Roland (Oct 14)
- <Possible follow-ups>
- Re: Attacking on Source Port 0 (ZERO) Scott Weeks (Oct 14)