tcp and udp are transport layer protocols. If someone is sending raw IP packets that aren't using a particular transport protocol, maybe they could get through (?) --Adam -----Original Message----- From: Thom Youngblood <thom@cais.net> To: North America Network Operators Group <nanog@merit.edu> Date: Tuesday, December 08, 1998 5:55 PM Subject: Help with identifying a kind of attack. :-----BEGIN PGP SIGNED MESSAGE----- :Hash: SHA1 : : :I've been tracking an attack all day long, and have been frustrated :trying to figure out both what was being attacked, and how. Finally, :I realized it was *not* ICMP, UDP, or TCP. : :#sh access-lists 151 :Extended IP access list 151 : permit icmp any 20.0.0.0 0.255.255.255 (1023 matches) : permit udp any 20.0.0.0 0.255.255.255 (4347 matches) : permit tcp any 20.0.0.0 0.255.255.255 (86444 matches) : deny ip any 20.0.0.0 0.255.255.255 (5547308 matches) : permit ip any any (4450563 matches) : : :In the above, notice the disparity? So, my question is... : :What the hell kind of packet is it if it's not ICMP, UDP, or TCP? : : :-----BEGIN PGP SIGNATURE----- :Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com> : :iQA/AwUBNm2jB2fkezbzToVaEQIQQQCgllupf+cmax8w5n/RgYhlATz+BuQAn38r :Di2Ec9bI2Prrahm9yKp5rohS :=/qOm :-----END PGP SIGNATURE----- : :