Firewall Wizards mailing list archives
Re: udp port 0
From: stursa () 695online com
Date: Tue, 5 Feb 2008 17:24:10 -0500 (EST)
shadow floating said:
Hi list i keep getting logs from my IOS router 12.4 T about denying udp packet ip a.a.a.a (0) --> b.b.b.b (0) i kept googling about udp port zero and it's apperantly not used , at least legitimately. I also inspected the traffic from the logged ip address via wireshark and it never captures and udp packet with src or dst port 0, but i still get these logs all day long. anyone got idea about what it? is it some kind like udp tracerouting ? thanks alot
What you are seeing may just be an artifact. Several jobs ago I maintained ACLs in a wide variety of IOS devices (7200 routers, CAT 6500 switches) and a number of different IOS levels. I discovered on some of them that a permit/deny statement would log port 0 for both TCP and UDP unless the port number was specified. Presumably right now you've got an ACE something like: access-list 101 deny udp <src> <mask> <dest> <mask> log Change it to: access-list 101 deny udp <src> <mask> <dest> <mask> range 0 65535 log and see if that makes any difference. HTH, SLS -- It's not having what you want. It's wanting what you've got. Scott L. Stursa CCNA, MCSA, Security+ _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- udp port 0 shadow floating (Feb 04)
- Re: udp port 0 Darden, Patrick S. (Feb 05)
- Re: udp port 0 Tony Rall (Feb 06)
- Re: udp port 0 Husnu Demir (Feb 05)
- Re: udp port 0 rainer . ginsberg (Feb 06)
- Re: udp port 0 stursa (Feb 06)
- Message not available
- Message not available
- udp port 0 shadow floating (Feb 07)
- Message not available
- Re: udp port 0 Darden, Patrick S. (Feb 05)
- <Possible follow-ups>
- Re: udp port 0 Kristian Erik Hermansen (Feb 06)