Re: [fw-wiz] udp port 0




I think you are right. UDP 0 is used variously as:

next available port (dynamic port assignment) for some Unices
DoS attack on early version of cp fw1

Officially, it is reserved under IANA as an unused port.

I would check the OS of the sending and receiving machines. If they
are some flavor of Unix then you could content inspect for protocol
to see if the socket is legitimate.

--Patrick Darden


-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of
shadow floating
Sent: Monday, February 04, 2008 12:01 PM
To: firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
Subject: [fw-wiz] udp port 0


Hi list,
I keep getting logs from my IOS router 12.4 T about denying udp packet
ip a.a.a.a (0) --> b.b.b.b (0)
I kept googling about UDP port zero and it's apparently not used, at
least legitimately. I also inspected the traffic from the logged IP
address via Wireshark and it never captures any UDP packet with src or
dst port 0, but I still get these logs all day long.
Anyone got an idea about what it is? Is it some kind of UDP tracerouting?
Thanks a lot

regards,
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards