Security Basics mailing list archives

Re: Outbound Port 0 UDP?


From: Mark Bassett <zosxavius () gmail com>
Date: Mon, 06 Jun 2005 22:06:16 -0400

Windump helped me sort this out.

20:10:22.458929 IP kia.60400 > 37.140.78.83.cust.bluewin.ch.0: UDP, length: 58

It appears people have begun using port 0 as a data port for BitTorrent. Why someone would use a reserved port that does not accept inbound connections I have no idea, unless they do not know what they are doing. Only the OS should answer to port 0, and different OSes answer differently, thus allowing fingerprinting. I could see having inbound port 0 attempts, but why a client would request UDP to port 0 is beyond me. As such, port 0 should be firewalled heavily IMO, unless you would like to route it to a honeypot. Is it possible to run an unpatched Windows 95 box in the DMZ for a long period of time? I think it would make a lovely target. Needless to say, this recent scare has motivated me to set up a diskless firewall/router with snort. Since my home LAN is sitting behind a NAT with every port stealthed, I really haven't had many problems running firewalls on all my machines. The inbound trojan traffic is troubling, however, as are the constant portscans. For some reason I've noticed a very large spike in the last 6 months of logs I've had. I guess the zombie networks are on the rise these days.

Mark Bassett
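One way to pick port-0 packets out of windump's one-line UDP summaries like the one quoted in the post, as an added example that is not part of the original message: it parses each line, flags port 0 at either end, and runs over a small constructed sample (the post's own line plus made-up neighbours; hostnames and addresses are assumptions).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One-line IPv4 UDP summary as printed by windump/tcpdump, e.g.
# "20:10:22.458929 IP kia.60400 > host.example.0: UDP, length: 58".
# \S+ for the host is greedy, so the port is whatever follows the last dot.
# Only UDP lines are matched; TCP summaries print flags instead of "TCP,".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): UDP, length: (?P<length>\d+)"
)

@dataclass
class Finding:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    length: int
    reason: str

def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one UDP summary line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "length"):
        rec[key] = int(rec[key])
    return rec

def port_zero_findings(lines: List[str]) -> List[Finding]:
    """Flag every UDP packet with port 0 at either end; one Finding per offending end."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for reason, port in (("dst-port-0", rec["dport"]), ("src-port-0", rec["sport"])):
            if port == 0:
                out.append(Finding(rec["ts"], rec["src"], rec["sport"], rec["dst"],
                                   rec["dport"], rec["length"], reason))
    return out

# Constructed sample: the line from the post plus three made-up neighbours (hosts assumed).
SAMPLE = [
    "20:10:22.458929 IP kia.60400 > 37.140.78.83.cust.bluewin.ch.0: UDP, length: 58",
    "20:10:22.460001 IP kia.1035 > 10.0.0.1.53: UDP, length: 40",
    "20:10:23.100000 IP 198.51.100.7.0 > kia.60400: UDP, length: 58",
    "20:10:23.200000 arp who-has 10.0.0.1 tell kia",
]

if __name__ == "__main__":
    for f in port_zero_findings(SAMPLE):
        print(f"{f.ts} {f.src}:{f.sport} -> {f.dst}:{f.dport} len={f.length} [{f.reason}]")
```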

