Re: [fw-wiz] udp port 0

I believe this is a feature of IOS. If it denies packets before checking
port numbers, they are logged as port 0. E.g., if your access list denies
UDP in general, IOS doesn't have to check the port number for a decision
whether to block or accept the packet.

Best regards,

Rainer Ginsberg
Security, Voice & Network Planning


From: "shadow floating" <nadengine@google>
Sent by: bounces@listserv.
To: firewall-wizards@xxxxxxxxxxxxxxxxxx
Date: 04.02.2008 18:00
Subject: [fw-wiz] udp port 0 (Plain)
Please respond to: Firewall Wizards Security Mailing
Hi list,
I keep getting logs from my IOS router 12.4 T about denying UDP packets:
ip a.a.a.a (0) --> b.b.b.b (0)
I kept googling about UDP port zero and it's apparently not used, at
least legitimately. I also inspected the traffic from the logged IP
address via Wireshark and it never captures any UDP packet with src or
dst port 0, but I still get these logs all day long.
Anyone got an idea about what it is? Is it some kind of UDP tracerouting?
Thanks a lot

firewall-wizards mailing list
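
An added example, not part of either post above: a Python sketch that sorts IOS ACL log lines by whether the port fields were filled in, following the explanation given in the reply. The log lines are constructed (documentation addresses, %SEC-6-IPACCESSLOGP syslog format), and the function names and labels are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the IOS %SEC-6-IPACCESSLOGP format.
SAMPLE_LOG = """\
Feb  4 18:00:01 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.10(0) -> 198.51.100.5(0), 1 packet
Feb  4 18:00:07 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.10(0) -> 198.51.100.5(0), 4 packets
Feb  4 18:01:12 rtr1 %SEC-6-IPACCESSLOGP: list 102 denied udp 192.0.2.44(53211) -> 198.51.100.5(161), 1 packet
Feb  4 18:01:30 rtr1 %SEC-6-IPACCESSLOGP: list 102 denied tcp 192.0.2.44(40112) -> 198.51.100.5(23), 2 packets
Feb  4 18:02:02 rtr1 %SEC-6-IPACCESSLOGP: list 102 denied udp 192.0.2.77(0) -> 198.51.100.9(0), 1 packet
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def triage(log_text):
    """Per ACL, count packets logged with both ports 0 versus real ports."""
    stats = defaultdict(lambda: {"zero": 0, "ported": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a TCP/UDP ACL log line
        both_zero = m["sport"] == "0" and m["dport"] == "0"
        stats[m["acl"]]["zero" if both_zero else "ported"] += int(m["count"])
    return dict(stats)

def classify(stats):
    """Label each ACL by how its (0) entries should be read."""
    out = {}
    for acl, s in stats.items():
        if s["zero"] and not s["ported"]:
            # Consistent with the reply: decisions made without reading ports.
            out[acl] = "ports-not-evaluated"
        elif s["zero"]:
            # Same ACL also logs real ports: some entries match on ports, some do not.
            out[acl] = "mixed"
        else:
            out[acl] = "ports-logged"
    return out

if __name__ == "__main__":
    for acl, label in classify(triage(SAMPLE_LOG)).items():
        print(acl, label)
```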
