udp port 0

["shadow floating" <nadengine () googlemail com>]

thanks alot guys for your help
but after applying
 deny tcp any range 0 65535 any range 0 65535 log
 deny udp any range 0 65535 any range 0 65535 log
every thing seem to be working fine
although there were specific rules for denying ip addresses i see in
the logs like deny udp 192.168.1.0 0.0.0.255 any log...but it seems
that this rule was not enough to identify the correct port

many thanks to you Koug and many thanks to all of you guys

regards,



On Feb 6, 2008 10:39 AM, John Kougoulos <koug () intracom gr> wrote:
> Either the packet is a fragment (so there is no source - dest port),
> or you need to specify the "deny ip any any log" statement as follows, so
> that it logs correctly the port numbers:
>
> deny tcp any range 0 65535 any range 0 65535 log
> deny udp any range 0 65535 any range 0 65535 log
> deny ip any any log
>
>
> --koug
>
>
> On Mon, 4 Feb 2008, shadow floating wrote:
>
> > Hi list
> > i keep getting logs from my IOS router 12.4 T about denying udp packet
> > ip a.a.a.a (0) --> b.b.b.b (0)
> > i kept googling about udp port zero and it's apperantly not used , at
> > least legitimately. I also inspected the traffic from the logged ip
> > address via wireshark and it never captures and udp packet with src or
> > dst port 0, but i still get these logs all day long.
> > anyone got idea about what it? is it some kind like udp tracerouting ?
> > thanks alot
> >
> > regards,
>
> > _______________________________________________
> > firewall-wizards mailing list
> > firewall-wizards () listserv icsalabs com
> > https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards