[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DDoS using port 0 and 53 (DNS)

Subject: DDoS using port 0 and 53 (DNS)
From: sthaug at nethelp.no (sthaug at nethelp.no)
Date: Wed, 25 Jul 2012 08:13:20 +0200 (CEST)
In-reply-to: <CAAAwwbUoQ8efXKfig+4DgXOLWY+mhu-O4Mtbf=UJdf6vyX9aaw@mail.gmail.com>
References: <[email protected]> <[email protected]> <CAAAwwbUoQ8efXKfig+4DgXOLWY+mhu-O4Mtbf=UJdf6vyX9aaw@mail.gmail.com>

> The port number of the Layer 4 connection cannot be determined without
> executing IP fragment reassembly in that case.    Routers normally
> reassemble fragments they receive, if possible.

No, routers normally do *not* reassemble fragments. This is typically
done by hosts and firewalls.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no

Follow-Ups:
- DDoS using port 0 and 53 (DNS)
  - From: rdobbins at arbor.net (Dobbins, Roland)

References:
- DDoS using port 0 and 53 (DNS)
  - From: frnkblk at iname.com (Frank Bulk)
- DDoS using port 0 and 53 (DNS)
  - From: rdobbins at arbor.net (Roland Dobbins)
- DDoS using port 0 and 53 (DNS)
  - From: mysidia at gmail.com (Jimmy Hess)

Prev by Date: DDoS using port 0 and 53 (DNS)
Next by Date: DDoS using port 0 and 53 (DNS)
Previous by thread: DDoS using port 0 and 53 (DNS)
Next by thread: DDoS using port 0 and 53 (DNS)
Index(es):
- Date
- Thread