Attacking on Source Port 0 (ZERO)
- Subject: Attacking on Source Port 0 (ZERO)
- From: sh.vahabzadeh at gmail.com (Shahab Vahabzadeh)
- Date: Sun, 14 Oct 2012 23:29:42 +0330
- In-reply-to: <[email protected]>
- References: <CAGqGmqbTsnO3WD6HR=4oVX_2=YsdWaii9b7+yApZMd1zBaaSPQ@mail.gmail.com> <[email protected]>
Hi there,
It was TCP and I think it was not a DDoS attack because the traffic was not
heavy.
But I see abnormal CPU usage (99%) on my BRASes, which are Cisco 7206 VXR.
I think it acts like a worm or some attacks which cause high CPU load in
some IOS.
Thanks
On Sun, Oct 14, 2012 at 5:13 PM, Dobbins, Roland <rdobbins at arbor.net> wrote:
>
> On Oct 14, 2012, at 4:48 PM, Shahab Vahabzadeh wrote:
>
> > Does anybody know what kind of attack can come to port 0?
>
> If it's protocol 0, instead of port 0, it's likely a packet-flooding DDoS
> attack.
>
> If it's port 0, you may be incorrectly blocking non-initial fragments.
> Alternately, it could represent a fragmented DDoS attack, either
> non-initial fragments fired directly against something on your network or
> as the result of a DNS reflection/amplification attack against something on
> your network.
>
> The log fragment you posted doesn't provide enough detail to make an
> informed judgement. Also, you should not place servers behind a stateful
> firewall, anyways.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
> Luck is the residue of opportunity and design.
>
> -- John Milton
>
>
>
--
Regards,
Shahab Vahabzadeh, Network Engineer and System Administrator
Cell Phone: +1 (415) 871 0742
PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
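
Added example, not part of the original thread: a triage helper for captured IPv4 packets that separates the cases raised in the quoted reply (protocol 0, non-initial fragments that carry no L4 header and so get logged with port 0, and TCP/UDP packets that literally carry port 0). The function names, labels and sample packets are constructed for illustration; the addresses come from documentation ranges.

```python
import struct

def classify(pkt: bytes) -> str:
    """Say why a log line for this raw IPv4 packet might show 'port 0'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4                  # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    (flags_frag,) = struct.unpack("!H", pkt[6:8])
    frag_offset = flags_frag & 0x1FFF          # offset in 8-byte units
    more_frags = bool(flags_frag & 0x2000)     # MF flag
    proto = pkt[9]
    if proto == 0:
        return "protocol-0"
    if frag_offset > 0:
        # No TCP/UDP header here, so flow and ACL logs report the ports as 0.
        return "non-initial-fragment"
    if proto in (6, 17):                       # TCP or UDP
        if len(pkt) < ihl + 4:
            return "truncated-l4"
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if sport == 0 or dport == 0:
            return "literal-port-0"
        return "initial-fragment" if more_frags else "normal"
    return "other-protocol"

def ipv4(proto: int, flags_frag: int, payload: bytes) -> bytes:
    """Build a constructed 20-byte-header IPv4 packet (checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      flags_frag, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

# Constructed sample packets, one per case.
SAMPLES = {
    "tcp_sport_0": ipv4(6, 0, struct.pack("!HH", 0, 80) + bytes(16)),
    "udp_later_frag": ipv4(17, 185, bytes(32)),
    "proto_0": ipv4(0, 0, bytes(8)),
    "tcp_normal": ipv4(6, 0, struct.pack("!HH", 40000, 443) + bytes(16)),
    "udp_first_frag": ipv4(17, 0x2000, struct.pack("!HH", 53, 40000) + bytes(8)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:15s} -> {classify(pkt)}")
```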