Security Basics mailing list archives
Re: Outbound Port 0 UDP?
From: Mark Bassett <zosxavius () gmail com>
Date: Mon, 06 Jun 2005 22:06:16 -0400
Windump helped me sort this out.

20:10:22.458929 IP kia.60400 > 37.140.78.83.cust.bluewin.ch.0: UDP, length: 58

It appears people have begun using port 0 for a data port for Bittorrent. Why someone would use a reserved port that does not accept inbound connections I have no idea, unless they do not know what they are doing. Only the OS should answer to port 0, and different OSes answer differently, thus allowing fingerprinting. I could see having inbound port 0 attempts, but why a client would request UDP to port 0 is beyond me.

As such, port 0 should be firewalled heavily IMO, unless you would like to route it to a honeypot. Is it possible to run an unpatched Windows 95 box in the DMZ for a long period of time? I think it would make a lovely target.

Needless to say, this recent scare has motivated me to set up a diskless firewall/router with snort. Since my home LAN is sitting behind a NAT with every port stealthed, I really haven't had many problems running firewalls on all my machines. The inbound trojan traffic is troubling, however, as well with the constant portscans. For some reason I've noticed a very large spike in the last 6 months of logs I've had. I guess the zombie networks are on the rise these days.

Mark Bassett
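
The check described in the message above, as an added example that is not part of the original post: a small parser that scans tcpdump/WinDump text output for UDP packets with source or destination port 0. The function names are hypothetical, and every sample line except the first (which is the one quoted in the post) is constructed.

```python
import re

# tcpdump/WinDump text line, in the shape quoted in the post:
#   20:10:22.458929 IP kia.60400 > 37.140.78.83.cust.bluewin.ch.0: UDP, length: 58
# Only lines that tcpdump labels "UDP, length" are considered here.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+?): "
    r"UDP, length:? (?P<len>\d+)"
)

def split_endpoint(endpoint):
    """Split 'host.port' on the last dot. Port is None when the capture
    printed a service name instead of a number (run without -n)."""
    host, _, port = endpoint.rpartition(".")
    return (host, int(port)) if host and port.isdigit() else (endpoint, None)

def find_udp_port_zero(lines):
    """Return one record per UDP packet whose source or destination port is 0."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:          # not a UDP summary line (TCP, ICMP, ARP, ...)
            continue
        src_host, src_port = split_endpoint(m["src"])
        dst_host, dst_port = split_endpoint(m["dst"])
        if src_port != 0 and dst_port != 0:
            continue
        hits.append({
            "time": m["ts"],
            "src": src_host, "src_port": src_port,
            "dst": dst_host, "dst_port": dst_port,
            "length": int(m["len"]),
            "zero_side": "dst" if dst_port == 0 else "src",
        })
    return hits

# First line is the one from the post; the others are constructed samples.
SAMPLE = """\
20:10:22.458929 IP kia.60400 > 37.140.78.83.cust.bluewin.ch.0: UDP, length: 58
20:10:22.501100 IP kia.60400 > 192.0.2.10.6881: UDP, length: 58
20:10:23.000200 IP 198.51.100.7.0 > kia.60400: UDP, length: 20
20:10:23.100300 IP kia.1025 > 192.0.2.53.ms-sql-m: UDP, length: 33
20:10:24.000000 IP 192.0.2.1 > kia: ICMP echo request, id 1, seq 1, length 64
""".splitlines()

if __name__ == "__main__":
    for hit in find_udp_port_zero(SAMPLE):
        print(hit)
```
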