Attack on UDP 101

Christopher Morrow morrowc.lists at gmail.com
Sat Jul 21 19:03:54 UTC 2012


On Sat, Jul 21, 2012 at 1:57 PM, Shahab Vahabzadeh
<sh.vahabzadeh at gmail.com> wrote:
> Dear Christopher,
> There is no route for this host, but my users connect to this router via

$ p 76.164.199.86
PING 76.164.199.86 (76.164.199.86) 56(84) bytes of data.
64 bytes from 76.164.199.86: icmp_seq=1 ttl=250 time=89.9 ms

seems like I see one from inside verizon-land...

> virtual-template interface, and in the uplink interface of the same router
> automatically near 300Mbps traffic is generating (output) and it's looping in
> the same interface (no broadcast in other interfaces).
> I sniff the traffic on that time with tcpdump I think lots of packets like
> this, I thought it's an attack from one of the users because my netflow analyser
> does not show any record with this IP Address.
> Do you have any idea?

some screwball config on your router? or a case where 2 devices have
differing ideas of where 0/0 is headed? "Hey, you should know where to
send this... no, you should... no, you should.... oops! ttl-expired."

> Thanks
>
>
> On Sat, Jul 21, 2012 at 10:17 PM, Christopher Morrow
> <morrowc.lists at gmail.com> wrote:
>>
>> On Sat, Jul 21, 2012 at 10:50 AM, Shahab Vahabzadeh
>> <sh.vahabzadeh at gmail.com> wrote:
>> > 76.164.199.86
>>
>> is this host perhaps a bcast/network address or routed oddly at the
>> destination? (/32 route to something that is redirecting to another
>> place? or redirecting back toward 0/0?)
>>
>> also:
>> versaweb should fix their rwhois server:
>> Found a referral to rwhois.versaweb.com:4321.
>>
>> PHP Warning:  PHP Startup: Unable to load dynamic library
>> '/usr/lib/php/extensions/no-debug-non-zts-20090626/timezonedb.so' -
>> /usr/lib/php/extensions/no-debug-non-zts-20090626/timezonedb.so:
>> cannot open shared object file: No such file or directory in Unknown
>> on line 0
>> PHP Warning:  PHP Startup: Unable to load dynamic library
>> '/usr/lib/php/extensions/no-debug-non-zts-20090626/ixed.5.3.lin' -
>> /usr/lib/php/extensions/no-debug-non-zts-20090626/ixed.5.3.lin: cannot
>> open shared object file: No such file or directory in Unknown on line
>> 0
>> X-Powered-By: PHP/5.3.8
>> Set-Cookie: UBERSID=2d6ba57f7921e7694c87b3dfe04eb745; path=/
>> Expires: Thu, 19 Nov 1981 08:52:00 GMT
>> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
>> pre-check=0
>> Pragma: no-cache
>> Content-type: text/html; charset=UTF-8
>
>
>
>
> --
> Regards,
> Shahab Vahabzadeh, Network Engineer and System Administrator
>
> Cell Phone: +1 (415) 871 0742
> PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90
>
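The default-route disagreement suggested in the reply above, as an added example that is not part of the original thread: two routers each send 0/0 to the other, neither has a specific route for the destination, and the packet crosses the shared link until its TTL runs out. The router names `edge`, `core` and `upstream`, the FIB contents and the starting TTL of 64 are assumptions made for illustration.

```python
import ipaddress

def lookup(fib, dst):
    """Longest-prefix match; returns the next hop, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in fib.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(fibs, start, dst, ttl=64):
    """Walk one packet through the modelled routers; returns (outcome, path)."""
    node, path = start, [start]
    while True:
        ttl -= 1                      # each router decrements before forwarding
        if ttl <= 0:
            return "ttl-expired", path
        nh = lookup(fibs[node], dst)
        if nh is None:
            return "no-route", path
        path.append(nh)
        if nh not in fibs:            # handed to a device outside the model
            return "left-model", path
        node = nh

def link_crossings(fibs, start, dst, ttl=64):
    """Outcome plus how many times the packet was put on a link."""
    outcome, path = forward(fibs, start, dst, ttl)
    return outcome, len(path) - 1

DST = "76.164.199.86"                 # destination named in the thread

# Constructed FIBs (hypothetical): neither router has a route for DST,
# so both fall through to 0/0, and each default points at the other.
LOOPING = {
    "edge": {"0.0.0.0/0": "core", "192.0.2.0/24": "subscribers"},
    "core": {"0.0.0.0/0": "edge", "192.0.2.0/24": "edge"},
}
# Same routers with core's default pointing at an upstream instead.
FIXED = {
    "edge": {"0.0.0.0/0": "core", "192.0.2.0/24": "subscribers"},
    "core": {"0.0.0.0/0": "upstream", "192.0.2.0/24": "edge"},
}

if __name__ == "__main__":
    for name, fibs in (("looping", LOOPING), ("fixed", FIXED)):
        print(name, link_crossings(fibs, "edge", DST))
```

In the looping case every offered packet is transmitted once per remaining TTL hop, so the output rate on the looped interface is a multiple of the traffic actually sent toward that destination.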