nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Port 0 traffic

From: "Christopher L. Morrow" <christopher.morrow () mci com>
Date: Sat, 09 Apr 2005 03:26:28 +0000 (GMT)


On Fri, 8 Apr 2005, Sean Donelan wrote:



On Fri, 8 Apr 2005, Simon Waters wrote:

Whilst we are on dross that turns up at DNS servers, how about traffic for
port 0, surely this could be killed at the routing level as well, anyone got
any figures for how much port 0 traffic is around? My understanding is it is
mostly either scanning, or broken firewalls, neither of which are terribly
desirable things to have on your network, or to ship out to other peoples
networks.


Or packet MTU fragmentation.  Many security products mis-interpret the
packet header on a fragment and display port "0" instead of port "N/A".

And just like people who drop all ICMP packets, if you drop all fragments,
stuff breaks in weird ways.  But its your network, you can break it any
way you want.


<stepping off horsey>

Sean makes a good point, 'randomly' dropping traffic that 'seems bad to
you' is rarely a good plan :( Hopefully people check to see if the traffic
has a use and has some operational validity before just deciding to drop
it? Even icmp has it's place in the world...

 </stepping off horsey>
Previous By Date Next
Previous By Thread Next

Current thread: