North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Port 0 traffic

  • From: Sean Donelan
  • Date: Fri Apr 08 15:10:12 2005

On Fri, 8 Apr 2005, Simon Waters wrote:
> Whilst we are on dross that turns up at DNS servers, how about traffic for
> port 0, surely this could be killed at the routing level as well, anyone got
> any figures for how much port 0 traffic is around? My understanding is it is
> mostly either scanning, or broken firewalls, neither of which are terribly
> desirable things to have on your network, or to ship out to other peoples
> networks.

Or packet MTU fragmentation.  Many security products mis-interpret the
packet header on a fragment and display port "0" instead of port "N/A".

And just like people who drop all ICMP packets, if you drop all fragments,
stuff breaks in weird ways.  But its your network, you can break it any
way you want.