Hi! Mr.Nash. As you wrote, 11 is udp protocol and Src port is 0x0498(=1176) and dest port is 0x17(=23). If you want to filter it ,In your Bordor router , access-list 106 deny udp host 208.10.5.2 host dest.IP log-in and then ,at your serial port ip access-list 107 in That's all. Regards, On Thu, 1 Oct 1998, Steve Nash wrote:

Im curious if anyone knows of the "milk" attack. Our network was just slammed by such an attack for about an hour all aimed at one of our core routers. A "sh ip cache x.x.x.x x.x.x.x fl" on it showed this:

SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts B/Pk Active Fa0/0 208.10.5.2 Local X.X.X.X 11 0498 0017 164K1028 985.3

except from 10 to 15 hosts all nailing us at the same time. The protocol as you see is "11" which I have been unable to find information about. There was no way to filter it and access-lists denying protocol "11" showed 0 matches. Anyone have any ideas?

-- \\|// -(@ @)- ==oOO==(_)==OOo========================================================= Steven Nash snash@lightning.net l i g h t n i n g i n t e r n e t s e r v i c e s l l c Chief Backbone Engineer -- Network Engineering http://www.lightning.net

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* KORNET Network Assistance Manager(Centural O&M Center) - Voice : 82-2-766-5902 -Fax : 82-2-766-5901 -E-Mail : knight@kix.net ====================================================================