Re: [fw-wiz] udp port 0




I think you are right. udp 0 is used variously as

next available port (dynamic port assignment)for some Unices
dos attack on early version of cp fw1

Officially, it is reserved under IANA as an unused port.

I would check the OS of the sending and receiving machines. If they
are some flavor of Unix then you could content inspect for protocol
to see if the socket is legitimate.

--Patrick Darden


-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of
shadow floating
Sent: Monday, February 04, 2008 12:01 PM
To: firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
Subject: [fw-wiz] udp port 0


Hi list
i keep getting logs from my IOS router 12.4 T about denying udp packet
ip a.a.a.a (0) --> b.b.b.b (0)
i kept googling about udp port zero and it's apperantly not used , at
least legitimately. I also inspected the traffic from the logged ip
address via wireshark and it never captures and udp packet with src or
dst port 0, but i still get these logs all day long.
anyone got idea about what it? is it some kind like udp tracerouting ?
thanks alot

regards,
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: UDP question
    ... Re: UDP question.eml ... >>> Most modern services utilise TCP, ... The only open port should be the port I use for Open VPN, ...
    (Security-Basics)
  • Re: Unrecognized UDP Packets
    ... On the cFP-2120 I have an application with a loop waiting on UDP ... receives an unexpected UDP packet from each of the other 3 FieldPoint ... The remote port for these unexpected packets is ...
    (comp.lang.labview)
  • Re: Block UDP Ports?
    ... I'm using Checkpoint Firewall-1. ... reasonable that Firewall-1 would leave UDP wide open. ... > UDP ICMP port unreachable scanning: This scanning method varies from the ...
    (comp.security.firewalls)
  • UDP DoS attack in Win2k via IKE
    ... This memo should clarify the issue discovered with the UDP DOS ... Sending of UDP traffic to port 500 UDP will cause windows to ... attacked host is an IPSec gateway). ...
    (Bugtraq)
  • Re: Bind as cache DNS and firewall
    ... As it's UDP I think of UDP queries going from my cache server to other DNS server, and I catch their UDP responses in the firewall. ... So I should open my firewall for UDP on port 53 for all the world? ...
    (comp.protocols.dns.bind)