Attack on UDP 101

Shahab Vahabzadeh sh.vahabzadeh at gmail.com
Sat Jul 21 12:57:38 CDT 2012


Dear Christopher,
There is no route for this host, but my users connect to this router via
virtual-template interface, and in the uplink interface of the same router
automatically near 300Mbps traffic is generating (output) and its looping
in the same interface (no broadcast in other interfaces).
I sniff the traffic on that time with tcpdump I think lots of packets like
this, I thought its an attack from one of users because my netflow analyser
does not show any record with this IP Address.
Do you have any idea?
Thanks

On Sat, Jul 21, 2012 at 10:17 PM, Christopher Morrow <
morrowc.lists at gmail.com> wrote:

> On Sat, Jul 21, 2012 at 10:50 AM, Shahab Vahabzadeh
> <sh.vahabzadeh at gmail.com> wrote:
> > 76.164.199.86
>
> is this host perhaps a bcast/network address or routed oddly at the
> destination? (/32 route to something that is redirecting to another
> place? or redirecting back toward 0/0?)
>
> also:
> versaweb should fix their rwhois server:
> Found a referral to rwhois.versaweb.com:4321.
>
> PHP Warning:  PHP Startup: Unable to load dynamic library
> '/usr/lib/php/extensions/no-debug-non-zts-20090626/timezonedb.so' -
> /usr/lib/php/extensions/no-debug-non-zts-20090626/timezonedb.so:
> cannot open shared object file: No such file or directory in Unknown
> on line 0
> PHP Warning:  PHP Startup: Unable to load dynamic library
> '/usr/lib/php/extensions/no-debug-non-zts-20090626/ixed.5.3.lin' -
> /usr/lib/php/extensions/no-debug-non-zts-20090626/ixed.5.3.lin: cannot
> open shared object file: No such file or directory in Unknown on line
> 0
> X-Powered-By: PHP/5.3.8
> Set-Cookie: UBERSID=2d6ba57f7921e7694c87b3dfe04eb745; path=/
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
> pre-check=0
> Pragma: no-cache
> Content-type: text/html; charset=UTF-8
>



-- 
Regards,
Shahab Vahabzadeh, Network Engineer and System Administrator

Cell Phone: +1 (415) 871 0742
PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90


More information about the NANOG mailing list