Re: [fw-wiz] udp port 0



I believe this is a feature of IOS. If it denies packets before checking
port numbers, they are logged as port 0. E.g., if your access list denies
UDP in general, IOS doesn't have to check the port number for a decision
whether to block or accept the packet.

Best regards,
Rainer


Rainer Ginsberg
Security, Voice & Network Planning


"shadow floating" <nadengine@googlemail.com>
Sent by: firewall-wizards-bounces@listserv.cybertrust.com
04.02.2008 18:00
To: firewall-wizards@xxxxxxxxxxxxxxxxxxt.com
cc:
Subject: [fw-wiz] udp port 0 (Plain)
Please respond to: Firewall Wizards Security Mailing List <firewall-wizards@listserv.cybertrust.com>






Hi list,
I keep getting logs from my IOS router 12.4 T about denying udp packet
ip a.a.a.a (0) --> b.b.b.b (0)
I kept googling about udp port zero and it's apparently not used, at
least legitimately. I also inspected the traffic from the logged ip
address via wireshark and it never captures any udp packet with src or
dst port 0, but I still get these logs all day long.
Anyone got an idea about what it is? Is it some kind of udp tracerouting?
Thanks a lot

regards,
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
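
Added example, not part of the thread: a small Python triage script that splits IOS ACL log entries into those where the ports were recorded and those logged as (0) -> (0), grouped per access list, so you can see which ACL is producing the port-0 entries Rainer describes. The `%SEC-6-IPACCESSLOGP` line layout, the hostname and the addresses are assumptions and constructed sample data; adjust the pattern to your own syslog output.

```python
import re
from collections import Counter

# Assumed layout of an IOS ACL log message for TCP/UDP (IPACCESSLOGP).
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE = """\
Feb  4 18:00:01 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.10(0) -> 198.51.100.5(0), 1 packet
Feb  4 18:00:07 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.10(0) -> 198.51.100.5(0), 4 packets
Feb  4 18:00:09 rtr1 %SEC-6-IPACCESSLOGP: list 102 denied udp 192.0.2.77(53211) -> 198.51.100.5(161), 1 packet
Feb  4 18:00:12 rtr1 %SEC-6-IPACCESSLOGP: list 102 denied tcp 192.0.2.77(0) -> 198.51.100.9(0), 2 packets
Feb  4 18:00:15 rtr1 %LINK-3-UPDOWN: Interface Fa0/1, changed state to up
"""

def classify(line):
    """Parse one syslog line; return a dict, or None if it is not an ACL log entry."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    # (0) -> (0) means the log entry carries no port information for this match.
    rec["ports_recorded"] = not (rec["sport"] == "0" and rec["dport"] == "0")
    return rec

def summarize(text):
    """Return (no_ports, with_ports): packet counts keyed by (acl, proto)."""
    no_ports, with_ports = Counter(), Counter()
    for line in text.splitlines():
        rec = classify(line)
        if rec is None:
            continue
        bucket = with_ports if rec["ports_recorded"] else no_ports
        bucket[(rec["acl"], rec["proto"])] += rec["count"]
    return no_ports, with_ports

if __name__ == "__main__":
    no_ports, with_ports = summarize(SAMPLE)
    for (acl, proto), n in sorted(no_ports.items()):
        print(f"list {acl} {proto}: {n} packets logged as (0) -> (0)")
    for (acl, proto), n in sorted(with_ports.items()):
        print(f"list {acl} {proto}: {n} packets logged with port numbers")
```
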