Security Incidents mailing list archives

unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr[

From: "Melt Man" <ran_mobby () rediffmail com>
Date: 18 Oct 2002 13:31:15 -0000

Dear sir.

I'm facing this packets continuously on my server.

Can someone please explain me what these packets r and for whatthey r used?

is this possibly a DDOS attack??

the sample tcpdump output is:

20:32:22.658735 200.213.38.137.1812 > XX.XX.XX.XX.1812: rad-#0 41[id 0] Attr[ Term_action Term_action Term_action Term_action Term_action Term_action Term_action Term_action Term_actionTerm_action Term_action


second time tcpdump

20:39:57.168735 202.30.10.188.1812 > XX.XX.XX.XX.1812: rad-#0 41[id 0] Attr[ Term_action

This Line Term_action goes on till infinity (or may b till run outof buffers)

Means these packets are coming from a different different Ipaddresses ...


I'm not running anything on 1812 port (neither udp or tcp)
Does above packet mean another protocol than udp/tcp ??

can someone please explain me the above problem ...

i'm getting worried about the traffic coming to my servers ....

Thanking you,
Mobby



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.

For more information on this free incident handling, managementand tracking system please see: http://aris.securityfocus.com

Current thread:

unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr[ Melt Man (Oct 18)
- Re: unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr[ James Sneeringer (Oct 20)
- Re: unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr[ Ryan Yagatich (Oct 20)
- Re: unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr[ James Williams (Oct 22)
- <Possible follow-ups>
- RE: unusual packet (tcpdump shows): rad-#0 41 [id 0] Attr[ James Williams (Oct 24)