Re: [fw-wiz] udp port 0




shadow floating said:
Hi list
i keep getting logs from my IOS router 12.4 T about denying udp packet
ip a.a.a.a (0) --> b.b.b.b (0)
i kept googling about udp port zero and it's apperantly not used , at
least legitimately. I also inspected the traffic from the logged ip
address via wireshark and it never captures and udp packet with src or
dst port 0, but i still get these logs all day long.
anyone got idea about what it? is it some kind like udp tracerouting ?
thanks alot

What you are seeing may just be an artifact.

Several jobs ago I maintained ACLs in a wide variety of IOS devices (7200
routers, CAT 6500 switches) and a number of different IOS levels. I
discovered on some of them that a permit/deny statement would log port 0
for both TCP and UDP unless the port number was specified.

Presumably right now you've got an ACE something like:

access-list 101 deny udp <src> <mask> <dest> <mask> log

Change it to:

access-list 101 deny udp <src> <mask> <dest> <mask> range 0 65535 log

and see if that makes any difference.

HTH,
SLS


--
It's not having what you want.
It's wanting what you've got.

Scott L. Stursa
CCNA, MCSA, Security+
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: [fw-wiz] udp port 0
    ... I believe this is a feature of IOS. ... port numbers, they are logged as port 0. ... UDP in general, IOS doesn't have to check the port number for a decision ... whether to block or accept the packet. ...
    (Firewall-Wizards)
  • Re: [fw-wiz] udp port 0
    ... next available port for some Unices ... i keep getting logs from my IOS router 12.4 T about denying udp packet ... but i still get these logs all day long. ...
    (Firewall-Wizards)
  • KDC does not properly start
    ... I receive the following in the logs: ... krb5kdc: Invalid argument - Cannot bind server socket to port 88 address ... krb5kdc: set up 1 sockets krb5kdc: commencing operation in the logs and still nothing on port 88 (udp or otherwise). ...
    (comp.protocols.kerberos)
  • What port?
    ... I've seen in the logs, quite a few scans for port 7520 on both TCP and ... UDP. ...
    (comp.security.firewalls)
  • Re: UDP question
    ... Re: UDP question.eml ... >>> Most modern services utilise TCP, ... The only open port should be the port I use for Open VPN, ...
    (Security-Basics)