Re: TCP and UDP Port 0 - Should an ISP or ITP Block it?

[Mel Beckman <mel () beckman org>]

“SHOULD” is not “SHALL”, and thus this doesn’t countermand RFC 768’s instruction “ If not used, a value of zero is 
inserted." So the key question is, when is the source port not used? When a reply is not requested, is my thinking. Is 
there an application that implements this in UDP? (it’s nonsensical in TCP, which always requires a handshake, after 
all). I don’t recall one, but I can envision one: sending a one-way notification that requires no acknowledgement.

Given that IP is designed to be extensible to support innovation, who’s to say that there won’t eventually be (if there 
isn’t already) an application that happens to follow the standard-declared mandate “If not used, a value of zero is 
inserted"? Should this application be randomly crippled (by inconsistent filtering) for simply following the rules?

I know some say there is a security risk to zero-sourced UDP, but it seems to me that risk is only due to incorrect IP 
stack code. Zero-sourced UDP should be in everyone’s regression tests to verify non-dangerous behavior, since it’s an 
edge case specifically noticed by the standard.

I think filtering zero-sourced UDP flies in the face of fundamental Internet interoperability.

 -mel

On Aug 25, 2020, at 8:06 AM, Douglas Fischer <fischerdouglas () gmail com> wrote:


Sorry!

sed 's/"I can think"/"I can't think"/g'

Em ter., 25 de ago. de 2020 às 09:16, Töma Gavrichenkov <ximaera () gmail com<mailto:ximaera () gmail com>> escreveu:
Peace,

On Tue, Aug 25, 2020, 2:14 PM Douglas Fischer <fischerdouglas () gmail com<mailto:fischerdouglas () gmail com>>
I can think of a genuine use of it.

I'm curious which one.
With Berkeley sockets there's technically no way to bind(2) to this port without some amount of kernel patching 
applied, and the system cannot allocate it by itself, either.

--
Töma


--
Douglas Fernando Fischer
Engº de Controle e Automação