Help with identifying a kind of attack.

• Previous message (by thread): MAE-West et al.
• Next message (by thread): Help with identifying a kind of attack.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I've been tracking an attack all day long, and have been frustrated
trying to figure out both what was being attacked, and how.  Finally,
I realized it was *not* ICMP, UDP, or TCP.

#sh access-lists 151
Extended IP access list 151
    permit icmp any 20.0.0.0 0.255.255.255 (1023 matches)
    permit udp any 20.0.0.0 0.255.255.255 (4347 matches)
    permit tcp any 20.0.0.0 0.255.255.255 (86444 matches)
    deny   ip any 20.0.0.0 0.255.255.255 (5547308 matches)
    permit ip any any (4450563 matches)


In the above, notice the disparity?  So, my question is...

What the hell kind of packet is it if it's not ICMP, UDP, or TCP?


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com>

iQA/AwUBNm2jB2fkezbzToVaEQIQQQCgllupf+cmax8w5n/RgYhlATz+BuQAn38r
Di2Ec9bI2Prrahm9yKp5rohS
=/qOm
-----END PGP SIGNATURE-----

• Previous message (by thread): MAE-West et al.
• Next message (by thread): Help with identifying a kind of attack.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]