nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

From: Job Snijders <job () ntt net>
Date: Tue, 25 Aug 2020 12:46:55 +0000
On Tue, Aug 25, 2020 at 08:27:24AM -0400, K. Scott Helms wrote:

Comcast is blocking it.  From the table on that page.

"Port 0 is a reserved port, which means it should not be used by
applications. Network abuse has prompted the need to block this port."


The 'Transport' column seems to indicate that TCP port 0 is blocked, but
not that UDP port 0 is blocked. I believe there are comcast people on
this mailing list, it would be interesting to hear what the
considerations were to block one but not the other.


"What about UDP IP fragmentation?"

I'm not sure I follow this.  The IP packet will be fragmented with UDP
inside it.  When the IP packet gets put together the UDP PDU will have
a port number.  It's possible that some packet analyzers or network
gear will improperly "see" a partial UDP flow as port 0 but that's a
mischaracterization of the flow.


You are absolutely right. There is no layer-4 header in a fragment.
'port 0' in netflow/ipfix traffic analyzer tools when displayed may be
the result of a lack of ability to label it differently in the
datastructures used. "mischaracterization" is a fitting word :-)

Kind regards,

Job
Previous By Date Next
Previous By Thread Next

Current thread: