Firewall Wizards mailing list archives
Re: udp port 0
From: Tony Rall <trall () almaden ibm com>
Date: Tue, 5 Feb 2008 16:11:16 -0800
On Tuesday, 2008-02-05 at 08:21 EST, "Darden, Patrick S." <darden () armc org> wrote:
I think you are right. udp 0 is used variously as next available port (dynamic port assignment)for some Unices dos attack on early version of cp fw1
Port 0 can also be caused by an access filter that doesn't specify the port - like: deny udp 1.2.3.4 any log IOS logs all udp hitting this rule as port 0. If I want to see the ports in the log, I usually use: deny udp 1.2.3.4 any gt 0 log (Of course, then I definitely won't see any real port 0 usage.) -- Tony Rall
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- udp port 0 shadow floating (Feb 04)
- Re: udp port 0 Darden, Patrick S. (Feb 05)
- Re: udp port 0 Tony Rall (Feb 06)
- Re: udp port 0 Husnu Demir (Feb 05)
- Re: udp port 0 rainer . ginsberg (Feb 06)
- Re: udp port 0 stursa (Feb 06)
- Message not available
- Message not available
- udp port 0 shadow floating (Feb 07)
- Message not available
- Re: udp port 0 Darden, Patrick S. (Feb 05)
- <Possible follow-ups>
- Re: udp port 0 Kristian Erik Hermansen (Feb 06)