Security Incidents mailing list archives

Re: Port 8 and Ping


From: Robert van der Meulen <rvdm () CISTRON NL>
Date: Thu, 28 Dec 2000 04:33:30 +0100

Quoting Prashanth Ram (pram () CORPORATEGRAPHICS COM):
the frequency of the scans I am sure that it was a coordinated attack. It
also seems that all I get is 1 or 2 hits from an IP address. When I did a
lookup on these IP address most of them belonged to modems and DSL lines, so
<snip>
Port 8 is 'exterior gateway protocol', used for router-advertisement and
policy-based routing. As far as I know, it's the predecessor of BGP.
It looks like you've been DDoS-ed, or those packets were spoofed.
Try doing an upness-check on a (semi/large) amount of the hosts you were
scanned from, especially the modem ones, but do it directly after the
attack.
If you find a reasonable amount of hosts that are down, chances are those
packets have been spoofed.

If not, try checking the services on your attacking hosts, and check for
'well known DDoS agents'. If there are any, contact the ISPs on whose
customers the DDoS clients were running, and try to get them to take action
;)
This will be A Lot Of Work, probably, and the ISPs probably won't/can't do
a lot.

Also keep in mind that some of the stuff I said you _could_ do might be
illegal in some countries!

Greets,
        Robert

--
                                Don't panic.

