nanog mailing list archives

Re: Help with identifying a kind of attack.

From: Daniel Senie <dts () senie com>
Date: Wed, 09 Dec 1998 22:18:33 -0500

Depending on how your upstream is set up, it could be OSPF, for example.
To see a what it is you're capturing, set up logging to a syslog host,
and add "log" to the end of the drop line

        deny   ip any 20.0.0.0 0.255.255.255 log

and you'll see the protocol number reported in the logging output. To
see a list of the port numbers, you can look at any IANA mirror. The
document you want is located at
http://www.amaranthnetworks.com/ietf/iana/assignments/protocol-numbers
on my mirror.

There are presently assignments from zero to 119. There are lots of
possibilities. OSPF is one that sometimes wanders over lines from
upstream providers to downstream sites, for example.

Dan

-- 
-----------------------------------------------------------------
Daniel Senie                                        dts () senie com
Amaranth Networks Inc.            http://www.amaranthnetworks.com

Current thread:

Help with identifying a kind of attack. Thom Youngblood (Dec 08)
- Re: Help with identifying a kind of attack. Jon Green (Dec 08)
- Re: Help with identifying a kind of attack. Nikos Mouat (Dec 08)
- Re: Help with identifying a kind of attack. Ehud Gavron (Dec 08)
- Re: Help with identifying a kind of attack. Andy McConnell (Dec 08)
- Re: Help with identifying a kind of attack. David O'Leary (Dec 08)
- <Possible follow-ups>
- Re: Help with identifying a kind of attack. Adam D. McKenna (Dec 08)
  - Re: Help with identifying a kind of attack. Henry Linneweh (Dec 08)
  - Re: Help with identifying a kind of attack. Daniel Senie (Dec 09)