Milk attack
=?iso-2022-kr?Q?Jongwon_Kim=28=D1=D1_=F1=A3=EA=AA=29?=
knight at kix.net
Fri Oct 2 07:38:50 UTC 1998
Hi! Mr.Nash.
As you wrote, 11 is udp protocol and Src port is 0x0498(=1176) and dest port is 0x17(=23).
If you want to filter it ,In your Bordor router ,
access-list 106 deny udp host 208.10.5.2 host dest.IP log-in
and then ,at your serial port
ip access-list 107 in
That's all.
Regards,
On Thu, 1 Oct 1998, Steve Nash wrote:
> Im curious if anyone knows of the "milk" attack. Our network was just
> slammed by such
> an attack for about an hour all aimed at one of our core routers. A "sh
> ip cache x.x.x.x x.x.x.x fl"
> on it showed this:
>
> SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts B/Pk
> Active
> Fa0/0 208.10.5.2 Local X.X.X.X 11 0498 0017
> 164K1028 985.3
>
> except from 10 to 15 hosts all nailing us at the same time. The
> protocol as you see is "11" which
> I have been unable to find information about. There was no way to
> filter it and access-lists denying
> protocol "11" showed 0 matches. Anyone have any ideas?
>
> --
> \\|//
> -(@ @)-
> ==oOO==(_)==OOo=========================================================
> Steven Nash
> snash at lightning.net
> l i g h t n i n g i n t e r n e t s e r v i c e s l l c
> Chief Backbone Engineer -- Network Engineering
> http://www.lightning.net
>
>
>
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
KORNET Network Assistance Manager(Centural O&M Center)
- Voice : 82-2-766-5902 -Fax : 82-2-766-5901
-E-Mail : knight at kix.net
====================================================================
More information about the NANOG
mailing list