Firewall Wizards mailing list archives

Re: udp port 0

From: rainer.ginsberg () basf-it-services com
Date: Wed, 6 Feb 2008 11:06:49 +0100

I believe this is a feature of IOS. If it denies packets before checking
port numbers, they are logged as port 0. E.g., if your access list denies
UDP in general, IOS doesn't have to check the port number for a decision
whether to block or accept the packet.

Best regards,
Rainer


Rainer Ginsberg
Security, Voice & Network Planning


Phone: +49 621 60-94660, Fax: +49 621 60-6694660, E-Mail:
rainer.ginsberg () basf-it-services com
Postal Address: BASF IT Services GmbH, IN-CP - C010, 67059 Ludwigshafen,
Germany


www.basf-it-services.com


BASF IT Services GmbH, Registered Office: 67059 Ludwigshafen, Germany
Companies' Register: Amtsgericht Ludwigshafen, HRB 3541
Managing Directors:
Andreas Biermann, Dr. Ralf Sonnberger
Chairman of the Supervisory Board: Andrew Pike




                                                                           
             "shadow floating"                                             
             <nadengine@google                                             
             mail.com>                                                  To 
             Sent by:                  firewall-wizards@listserv.cybertrus 
             firewall-wizards-         t.com                               
             bounces@listserv.                                          cc 
             cybertrust.com                                                
                                                                   Subject 
                                       [fw-wiz] udp port 0 (Plain)         
             04.02.2008 18:00                                              
                                                                           
                                                                           
             Please respond to                                             
             Firewall Wizards                                              
             Security Mailing                                              
                   List                                                    
             <firewall-wizards                                             
             @listserv.cybertr                                             
                 ust.com>                                                  
                                                                           
                                                                           




Hi list
i keep getting logs from my IOS router 12.4 T about denying udp packet
ip a.a.a.a (0) --> b.b.b.b (0)
i kept googling about udp port zero and it's apperantly not used , at
least legitimately. I also inspected the traffic from the logged ip
address via wireshark and it never captures and udp packet with src or
dst port 0, but i still get these logs all day long.
anyone got idea about what it? is it some kind like udp tracerouting ?
thanks alot

regards,
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

udp port 0 shadow floating (Feb 04)
- Re: udp port 0 Darden, Patrick S. (Feb 05)
  - Re: udp port 0 Tony Rall (Feb 06)
- Re: udp port 0 Husnu Demir (Feb 05)
- Re: udp port 0 rainer . ginsberg (Feb 06)
- Re: udp port 0 stursa (Feb 06)
- Message not available
  - Message not available
    - udp port 0 shadow floating (Feb 07)
- <Possible follow-ups>
- Re: udp port 0 Kristian Erik Hermansen (Feb 06)