Home page logo
/

basics logo Security Basics mailing list archives

Re: Outbound Port 0 UDP?
From: Mark Bassett <zosxavius () gmail com>
Date: Mon, 06 Jun 2005 22:06:16 -0400

Windump helped me sort this out.

20:10:22.458929 IP kia.60400 > 37.140.78.83.cust.bluewin.ch.0: UDP, length: 58

It appears people have begun using port 0 for a data port for Bittorrent. Why someone would use a reserved port that does not accept inbound connections I have no idea unless they do not know what they are doing. Only the OS should answer to port 0 and different OSes answer differently, thus allowing fingerprinting. I could see having inbound port 0 attempts, but why a client would request UDP to port 0 is beyond me. As such port 0 should be firewalled heavily IMO, unless you would like to route it to a honeypot. Is it possible to run an unpatched Windows95 box in the DMZ for a long period of time? I think it would make a lovely target. Needless to say this recent scare has motivated me to set up a diskless firewall/router with snort. Since my home LAN is sitting behind a NAT with every port stealthed I really haven't had much problems running firewalls on all my machines. The inbound trojan traffic is troubling however as well with the constant portscans. For some reason I've noticed a very large spike in the last 6 months of logs I've had. I guess the zombie networks are on the rise these days.

Mark Bassett


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]