It might be spoofed source IPs
Krunal Shah -----Original Message----- From: NANOG [mailto:[email protected]] On Behalf Of Mark Andrews Sent: Tuesday, September 12, 2017 10:45 PM To: Large Hadron Collider Cc: [email protected] Subject: Re: Protocol 17 floods from Vietnam & Mexico? In message <[email protected]>, Large Hadron Collider writes: > Yes, I'm being UDP flooded. I worked that out by grepping /etc/protocols. > > > On 12/09/2017 18:24, Matt Harris wrote: > > Protocol 17 is UDP. UDP is pretty common on the internet. Not sure > > why source and destination ports aren't being shown by your tool > > there, might be malformed UDP packets designed to obscure themselves > > from or otherwise evade some intrusion detection or firewall systems. No ports are listed because they are not the initial fragment of the UDP packet. Only the initial fragment that contains the UDP header has the ports reported. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] -------------------------------- This electronic message contains information from Primus Management ULC ("PRIMUS") , which may be legally privileged and confidential. The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic message in error, please notify us by telephone or e-mail (to the number or address above) immediately. Any views, opinions or advice expressed in this electronic message are not necessarily the views, opinions or advice of PRIMUS. It is the responsibility of the recipient to ensure that any attachments are virus free and PRIMUS bears no responsibility for any loss or damage arising in any way from the use thereof.The term "PRIMUS" includes its affiliates. -------------------------------- Pour la version en français de ce message, veuillez voir http://www.primustel.ca/fr/legal/cs.htm
