ESP based Denial of Service
This is a bit of a long shot, but is anyone in NZ observing an attempted DOS attack using ESP traffic (in particular IP protocol 50)?
On Aug 18, 2009, at 12:01 PM, Philip D'Ath wrote:
> This is a bit of a long shot, but is anyone in NZ observing an attempted DOS attack using ESP traffic (in particular IP protocol 50)?
I'm not in NZ and am not observing one now, but do note that protocol
50 (and protocol 0, & 254, and everything in between) is sometimes
used by attackers to bypass ACLs/firewall rules, because folks often
don't think about anything other than TCP, UDP, and ICMP.
Note that if it is in fact a DDoS attack, it's likely not well-formed
ESP - rather, the protocol number in the header is simply set to 50 in
order to bypass filtering per the above.
So, it's not a strange idea, at all.
;>
-----------------------------------------------------------------------
Roland Dobbins
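An added example, not part of the original thread: a Python sketch of the check the reply above implies, separating packets that merely carry IP protocol number 50 from ones that could be real ESP. The packets, addresses and the `KNOWN_SPIS` set are constructed for illustration; in practice the SPI list would come from the gateway's own SA table (an assumption).

```python
import struct
from collections import Counter

ESP_PROTO = 50        # IP protocol number for ESP
ESP_MIN_LEN = 8 + 2   # SPI + sequence number, plus pad-length/next-header trailer

def build_ipv4(proto, payload, frag=0):
    """Build a constructed IPv4 packet (checksum left at 0; sample data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag,
                      64, proto, 0, b"\xc6\x33\x64\x07", b"\xc0\x00\x02\x01")
    return hdr + payload

def classify(packet, known_spis):
    """Return a verdict for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "bad-ip"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "bad-ip"
    if packet[9] != ESP_PROTO:
        return "not-esp"
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return "fragment"          # non-first fragment carries no ESP header
    esp = packet[ihl:]
    if len(esp) < ESP_MIN_LEN:
        return "malformed-esp"     # too short to hold ESP header and trailer
    spi, _seq = struct.unpack("!II", esp[:8])
    if spi <= 255:
        return "malformed-esp"     # SPI 0 and 1-255 are reserved (RFC 4303)
    if spi not in known_spis:
        return "unknown-spi"       # no SA for this SPI on the receiver
    return "plausible-esp"

def summarize(packets, known_spis):
    """Count verdicts across a batch of captured packets."""
    return Counter(classify(p, known_spis) for p in packets)

KNOWN_SPIS = {0x1A2B3C4D}  # hypothetical: SPIs of SAs configured on the gateway
SAMPLES = [                # constructed packets, not captured traffic
    build_ipv4(50, struct.pack("!II", 0x1A2B3C4D, 7) + bytes(32)),  # matches an SA
    build_ipv4(50, b"\x00" * 64),                                   # proto 50, zero fill
    build_ipv4(50, b"AAAA"),                                        # proto 50, too short
    build_ipv4(50, struct.pack("!II", 0xDEADBEEF, 1) + bytes(32)),  # SPI with no SA
    build_ipv4(6, bytes(20)),                                       # ordinary TCP
]

if __name__ == "__main__":
    for verdict, count in summarize(SAMPLES, KNOWN_SPIS).items():
        print(f"{verdict:14} {count}")
```

A high share of `malformed-esp` or `unknown-spi` verdicts on a link that terminates no IPsec tunnels, or from sources that are not configured VPN peers, is consistent with traffic that only sets the protocol field to 50.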
Not observing it per se, but did experience it yesterday.

________________________________
From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Philip D'Ath
Sent: Tuesday, 18 August 2009 5:01 p.m.
To: nznog
Subject: [nznog] ESP based Denial of Service

This is a bit of a long shot, but is anyone in NZ observing an attempted DOS attack using ESP traffic (in particular IP protocol 50)?
participants (3)
- Julie Hendry
- Philip D'Ath
- Roland Dobbins