nanog mailing list archives
Re: Attacking on Source Port 0 (ZERO)
From: Shahab Vahabzadeh <sh.vahabzadeh () gmail com>
Date: Sun, 14 Oct 2012 23:29:42 +0330
Hi there,

It was TCP and I think it was not a DDoS attack because the traffic was not heavy. But I see abnormal CPU usage (%99) in my BRAS's which are Cisco 7206 VXR. I think it acts like a worm or some attacks which cause high CPU load in some IOS.

Thanks

On Sun, Oct 14, 2012 at 5:13 PM, Dobbins, Roland <rdobbins () arbor net> wrote:

> On Oct 14, 2012, at 4:48 PM, Shahab Vahabzadeh wrote:
>
>> Does anybody know what kind of attack can come to port 0?
>
> If it's protocol 0, instead of port 0, it's likely a packet-flooding DDoS attack.
>
> If it's port 0, you may be incorrectly blocking non-initial fragments. Alternately, it could represent a fragmented DDoS attack, either non-initial fragments fired directly against something on your network or as the result of a DNS reflection/amplification attack against something on your network.
>
> The log fragment you posted doesn't provide enough detail to make an informed judgement.
>
> Also, you should not place servers behind a stateful firewall, anyways.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>
>
> Luck is the residue of opportunity and design.
>
>   -- John Milton

--
Regards,
Shahab Vahabzadeh, Network Engineer and System Administrator
Cell Phone: +1 (415) 871 0742
PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
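
Added example (not part of the original thread): a Python triage of raw IPv4 headers that separates the cases named in the quoted reply above, namely non-initial fragments, protocol 0, and a TCP/UDP header that really carries port 0. The function names, the documentation-range addresses and the sample packets are constructed for illustration.

```python
import struct

def classify(pkt: bytes) -> str:
    """Triage one raw IPv4 packet that a log or flow record showed as 'port 0'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4                   # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    (flags_frag,) = struct.unpack("!H", pkt[6:8])
    more_fragments = bool(flags_frag & 0x2000)  # MF flag
    frag_offset = flags_frag & 0x1FFF           # in 8-byte units
    proto = pkt[9]
    if frag_offset:
        # No TCP/UDP header in this packet, so there is no port to read,
        # which is why logs and flow records can show it as port 0.
        return "non-initial-fragment"
    if proto == 0:
        return "protocol-0"
    if proto not in (6, 17):                    # only TCP and UDP carry ports here
        return "other-protocol"
    if len(pkt) < ihl + 4:
        return "truncated-l4"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if sport == 0 or dport == 0:
        return "real-port-0"
    return "initial-fragment" if more_fragments else "unfragmented"

def ipv4(proto: int, flags_frag: int, payload: bytes) -> bytes:
    """Build a constructed sample packet (checksum left 0; it is not checked)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, flags_frag,
                      64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

# Constructed samples, one per case discussed in the thread.
SAMPLES = {
    "tcp sport 0": ipv4(6, 0x4000, struct.pack("!HH", 0, 80) + bytes(16)),
    "udp fragment, offset 185": ipv4(17, 185, b"A" * 32),
    "udp first fragment from 53": ipv4(17, 0x2000, struct.pack("!HH", 53, 40000) + bytes(4)),
    "protocol 0": ipv4(0, 0, b""),
    "ordinary tcp": ipv4(6, 0x4000, struct.pack("!HH", 44321, 443) + bytes(16)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:28} -> {classify(pkt)}")
```

Run against a packet capture rather than a flow log, a check like this shows whether the "port 0" entries are fragments whose missing ports were rendered as 0 or packets that actually carry port 0 in the TCP/UDP header.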