[fw-wiz] udp port 0



thanks alot guys for your help
but after applying
deny tcp any range 0 65535 any range 0 65535 log
deny udp any range 0 65535 any range 0 65535 log
every thing seem to be working fine
although there were specific rules for denying ip addresses i see in
the logs like deny udp 192.168.1.0 0.0.0.255 any log...but it seems
that this rule was not enough to identify the correct port

many thanks to you Koug and many thanks to all of you guys

regards,



On Feb 6, 2008 10:39 AM, John Kougoulos <koug@xxxxxxxxxxx> wrote:

Either the packet is a fragment (so there is no source - dest port),
or you need to specify the "deny ip any any log" statement as follows, so
that it logs correctly the port numbers:

deny tcp any range 0 65535 any range 0 65535 log
deny udp any range 0 65535 any range 0 65535 log
deny ip any any log


--koug


On Mon, 4 Feb 2008, shadow floating wrote:

Hi list
i keep getting logs from my IOS router 12.4 T about denying udp packet
ip a.a.a.a (0) --> b.b.b.b (0)
i kept googling about udp port zero and it's apperantly not used , at
least legitimately. I also inspected the traffic from the logged ip
address via wireshark and it never captures and udp packet with src or
dst port 0, but i still get these logs all day long.
anyone got idea about what it? is it some kind like udp tracerouting ?
thanks alot

regards,

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards