Re: [fw-wiz] udp port 0
- From: stursa@xxxxxxxxxxxxx
- Date: Tue, 5 Feb 2008 17:24:10 -0500 (EST)
shadow floating said:
Hi list
I keep getting logs from my IOS router 12.4 T about denying a UDP packet
ip a.a.a.a (0) --> b.b.b.b (0)
I kept googling about UDP port zero and it's apparently not used, at
least legitimately. I also inspected the traffic from the logged IP
address via Wireshark and it never captures any UDP packet with src or
dst port 0, but I still get these logs all day long.
Anyone got an idea what it is? Is it something like UDP tracerouting?
Thanks a lot

What you are seeing may just be an artifact.
Several jobs ago I maintained ACLs in a wide variety of IOS devices (7200
routers, CAT 6500 switches) and a number of different IOS levels. I
discovered on some of them that a permit/deny statement would log port 0
for both TCP and UDP unless the port number was specified.
Presumably right now you've got an ACE something like:
access-list 101 deny udp <src> <mask> <dest> <mask> log
Change it to:
access-list 101 deny udp <src> <mask> <dest> <mask> range 0 65535 log
and see if that makes any difference.
HTH,
SLS
--
It's not having what you want.
It's wanting what you've got.
Scott L. Stursa
CCNA, MCSA, Security+
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
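
An added example, not part of the original post or of any Cisco tooling: a small Python audit that scans an IOS configuration for logged TCP/UDP ACL entries with no port operator (the case the reply says logs port 0) and prints each one rewritten with the `range 0 65535` form suggested above. The sample configuration and the function names are constructed for illustration; the parser assumes `any`, `host A`, or `A WILDCARD` address forms only.

```python
PORT_OPS = {"eq", "neq", "gt", "lt", "range"}
LOG_KEYWORDS = {"log", "log-input"}

# Constructed sample configuration, not taken from the original post.
SAMPLE_CONFIG = """\
access-list 101 remark constructed sample, not from the original post
access-list 101 deny udp any any log
access-list 101 deny tcp host 192.0.2.10 198.51.100.0 0.0.0.255 log-input
access-list 101 permit udp any any eq 53 log
access-list 101 permit ip any any
ip access-list extended EDGE-IN
 10 deny udp any host 203.0.113.5 log
"""

def _skip_address(tokens, i):
    """Return the index just past one address spec: any | host A | A WILDCARD."""
    if i < len(tokens) and tokens[i] == "any":
        return i + 1
    return i + 2  # 'host A' and 'A WILDCARD' both take two tokens

def audit_ace(line):
    """Return the ACE rewritten with an explicit port range, or None if unchanged."""
    tokens = line.split()
    # Numbered form 'access-list 101 ...'; named-ACL entries may start with a sequence number.
    if tokens[:1] == ["access-list"]:
        head, body = tokens[:2], tokens[2:]
    elif tokens and tokens[0].isdigit():
        head, body = tokens[:1], tokens[1:]
    else:
        head, body = [], tokens
    if len(body) < 4 or body[0] not in ("permit", "deny") or body[1] not in ("tcp", "udp"):
        return None
    # Only logged entries without any port operator show the port-0 artifact.
    if not LOG_KEYWORDS & set(body) or PORT_OPS & set(body):
        return None
    end = _skip_address(body, _skip_address(body, 2))  # past source, then destination
    if end > len(body):
        return None  # malformed entry, leave it alone
    return " ".join(head + body[:end] + ["range", "0", "65535"] + body[end:])

def audit_config(text):
    """Return [(line_number, suggested_replacement)] for every entry needing the change."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        fixed = audit_ace(line)
        if fixed:
            findings.append((number, fixed))
    return findings

if __name__ == "__main__":
    for number, fixed in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {fixed}")
```
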