nanog mailing list archives

Re: Milk attack

From: Jongwon Kim(金鍾元) <knight () kix net>
Date: Fri, 2 Oct 1998 16:38:50 +0900 (KST)

Hi! Mr.Nash.
As you wrote, 11 is udp protocol and Src port is 0x0498(=1176) and dest port is 0x17(=23).
If you want to filter it ,In your Bordor router ,
access-list 106 deny udp  host 208.10.5.2 host dest.IP log-in
and then ,at your serial port 
ip access-list 107 in

That's all.

Regards,

On Thu, 1 Oct 1998, Steve Nash wrote:

Im curious if anyone knows of the "milk" attack.  Our network was just
slammed by such
an attack for about an hour all aimed at one of our core routers.  A "sh
ip cache x.x.x.x x.x.x.x fl"
on it showed this:

SrcIf    SrcIPaddress  DstIf  DstIPaddress    Pr SrcP DstP Pkts B/Pk
Active
Fa0/0    208.10.5.2      Local    X.X.X.X           11 0498 0017
164K1028  985.3

except from 10 to 15 hosts all nailing us at the same time.  The
protocol as you see is "11" which
I have been unable to find information about.  There was no way to
filter it and access-lists denying
protocol "11" showed 0 matches.  Anyone have any ideas?

--
      \\|//
     -(@ @)-
==oOO==(_)==OOo=========================================================
Steven Nash
snash () lightning net
l i g h t n i n g  i n t e r n e t  s e r v i c e s  l l c
Chief Backbone Engineer -- Network Engineering
http://www.lightning.net



 -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
       KORNET Network Assistance Manager(Centural O&M Center)
         - Voice : 82-2-766-5902  -Fax : 82-2-766-5901
                   -E-Mail : knight () kix net
 ====================================================================

Current thread:

Milk attack Steve Nash (Oct 01)
- Re: Milk attack Craig A. Huegen (Oct 01)
- Re: Milk attack 金鍾元 (Oct 02)