nanog mailing list archives

Re: DDoS using port 0 and 53 (DNS)

From: sthaug () nethelp no
Date: Wed, 25 Jul 2012 08:13:20 +0200 (CEST)

The port number of the Layer 4 connection cannot be determined without
executing IP fragment reassembly in that case.    Routers normally
reassemble fragments they receive, if possible.


No, routers normally do *not* reassemble fragments. This is typically
done by hosts and firewalls.

Steinar Haug, Nethelp consulting, sthaug () nethelp no

Current thread:

DDoS using port 0 and 53 (DNS) Frank Bulk (Jul 24)
- Re: DDoS using port 0 and 53 (DNS) Roland Dobbins (Jul 24)
  - RE: DDoS using port 0 and 53 (DNS) Frank Bulk (Jul 24)
  - Re: DDoS using port 0 and 53 (DNS) Jimmy Hess (Jul 24)
    - Re: DDoS using port 0 and 53 (DNS) sthaug (Jul 24)
    - Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 24)
    - Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 24)
    - RE: DDoS using port 0 and 53 (DNS) Frank Bulk (Jul 25)
    - Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) Jimmy Hess (Jul 24)
  - Re: DDoS using port 0 and 53 (DNS) John Kristoff (Jul 25)
    - Re: DDoS using port 0 and 53 (DNS) Joel Maslak (Jul 25)
    - Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 25)
    - Re: DDoS using port 0 and 53 (DNS) Mark Andrews (Jul 25)
- RE: DDoS using port 0 and 53 (DNS) Drew Weaver (Jul 25)

(Thread continues...)