Re: [c-nsp] ACL to block udp/0?

2023-12-05 Thread Hank Nussbacher via cisco-nsp
On 05/12/2023 23:44, Gert Doering wrote:
D'Wayne Saunders already pointed at this most likely being fragments - large packet reflections, and all non-initial fragments being reported by IOS* as "port 0" (so you should see 1500 byte regular UDP as well, with a non-0 port number) IOS XR syntax

Re: [c-nsp] ACL to block udp/0?

2023-12-05 Thread Gert Doering via cisco-nsp
Hi,

On Tue, Dec 05, 2023 at 11:27:21PM +0200, Hank Nussbacher via cisco-nsp wrote:
> We encountered something strange.  We run IOS-XR 7.5.2 on ASR9K platform.
>
> Had a user under udp/0 attack.  Tried to block it via standard ACL:
>
>
> ipv4 access-list block-zero
>  20 deny udp any any eq 0
>

Re: [c-nsp] ACL to block udp/0?

2023-12-05 Thread Saunders, D'Wayne via cisco-nsp
Howdy, on my phone so no detail, but the flow being reported will be due to fragments and not necessarily port 0. The below link has details on how to block fragments:
Access Control Lists and IP

[c-nsp] ACL to block udp/0?

2023-12-05 Thread Hank Nussbacher via cisco-nsp
We encountered something strange.  We run IOS-XR 7.5.2 on ASR9K platform.

Had a user under udp/0 attack.  Tried to block it via standard ACL:

ipv4 access-list block-zero
 20 deny udp any any eq 0
 30 deny tcp any any eq 0
 40 permit ipv4 any any

Applied to interface:

 ipv4 access-group