Firewall Wizards: Re: udp port 0

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

Re: udp port 0

From: Tony Rall <trall () almaden ibm com>
Date: Tue, 5 Feb 2008 16:11:16 -0800

On Tuesday, 2008-02-05 at 08:21 EST, "Darden, Patrick S." 
<darden () armc org> wrote:

I think you are right. udp 0 is used variously as

next available port (dynamic port assignment)for some Unices
dos attack on early version of cp fw1


Port 0 can also be caused by an access filter that doesn't specify the 
port - like:

deny udp 1.2.3.4 any log

IOS logs all udp hitting this rule as port 0.

If I want to see the ports in the log, I usually use:

deny udp 1.2.3.4 any gt 0 log

(Of course, then I definitely won't see any real port 0 usage.)

--
Tony Rall

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

By Date By Thread

Current thread:

udp port 0 shadow floating (Feb 04)
- Re: udp port 0 Darden, Patrick S. (Feb 05)
  - Re: udp port 0 Tony Rall (Feb 06)
- Re: udp port 0 Husnu Demir (Feb 05)
- Re: udp port 0 rainer . ginsberg (Feb 06)
- Re: udp port 0 stursa (Feb 06)
- Message not available
  - Message not available
    - udp port 0 shadow floating (Feb 07)
- <Possible follow-ups>
- Re: udp port 0 Kristian Erik Hermansen (Feb 06)