Full Disclosure mailing list archives

Re: Re: ICMP Destination Unreachable Port Unreachable


From: Barrie Dempster <barrie () reboot-robot net>
Date: Wed, 16 Aug 2006 12:33:13 +0100

<off list>

On Tuesday 15 August 2006 21:45, Dude VanWinkle wrote:
> Still, I can't seem to help but think there is something to this port 0
> thingy
>
> http://www.networkpenetration.com/port0.html
>
> <snip>
>
> 3. Port 0 OS Fingerprinting
> ---------------------------
> As port 0 is reserved for special use as stated in RFC 1700. Coupled
> with the fact that this port number is reassigned by the OS, no
> traffic should flow over the internet using this port. As the
> specifics are not clear different OSs have different ways of handling
> traffic using port 0 thus they can be fingerprinted.



Although the port 0 in this case is a red herring and irrelevant, port 0
itself, when used with TCP/UDP (not ICMP!), can actually be used on the
Internet. A while back I modified netcat and my Linux kernel so that it would
allow usage of port 0 and was able to connect to a remote machine via TCP
with that port and communicate fine.

A few routers, especially those with firewalling abilities, such as those
commonly used in SOHOs, reject the packets silently.

In short, port 0 is "reserved"; most OSs use it to mean "random" (but this is
not defined behaviour in an RFC, more of a tradition). If you do send out
port 0 packets though, many routers will allow them.



-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

              - http://reboot-robot.net -

"He who hingeth aboot, geteth hee-haw" Victor - Still Game


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
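
Added example, not part of the original message or thread: a Python check a sensor could run over raw IPv4 packets to flag TCP/UDP traffic that uses port 0, while skipping ICMP, which has no port fields. The function names and the sample packets are constructed for illustration.

```python
import struct

PROTO_NAMES = {6: "TCP", 17: "UDP"}  # only these IP protocols are checked here

def port0_finding(packet: bytes):
    """Return a description if an IPv4 TCP/UDP packet uses port 0, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IP header length in bytes
    proto = packet[9]
    if ihl < 20 or proto not in PROTO_NAMES:
        return None                      # ICMP etc. carry no ports: never report port 0
    frag = struct.unpack("!H", packet[6:8])[0]
    if frag & 0x1FFF:
        return None                      # non-first fragment: no L4 header present
    if len(packet) < ihl + 4:
        return None                      # ports not captured
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    hits = [side for side, p in (("source", sport), ("destination", dport)) if p == 0]
    if not hits:
        return None
    return f"{PROTO_NAMES[proto]} {' and '.join(hits)} port 0"

def ipv4(proto, payload, frag_off=0):
    """Build a constructed IPv4 packet (checksum left 0; parsing ignores it)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, frag_off,
                      64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

SYN = "!HHIIBBHHH"  # sport, dport, seq, ack, data offset, flags, window, csum, urg
# Constructed sample packets (documentation addresses, no real traffic).
SAMPLES = {
    "tcp_dst0": ipv4(6, struct.pack(SYN, 40000, 0, 1, 0, 0x50, 0x02, 1024, 0, 0)),
    "udp_src0": ipv4(17, struct.pack("!HHHH", 0, 53, 8, 0)),
    "tcp_80": ipv4(6, struct.pack(SYN, 40000, 80, 1, 0, 0x50, 0x02, 1024, 0, 0)),
    # ICMP type 3 code 3 (port unreachable): bytes 2-3 are a checksum, not a port.
    "icmp_unreach": ipv4(1, bytes([3, 3, 0, 0, 0, 0, 0, 0])),
    "udp_fragment": ipv4(17, b"\x00\x00\x00\x00", frag_off=185),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, "->", port0_finding(pkt))
```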
