nanog mailing list archives
Re: DDoS using port 0 and 53 (DNS)
From: John Kristoff <jtk () cymru com>
Date: Wed, 25 Jul 2012 09:43:43 -0500
On Tue, 24 Jul 2012 23:10:52 -0500 Jimmy Hess <mysidia () gmail com> wrote:
It should be relatively safe to drop (non-fragment) packets to/from port 0.
[...] Some UDP applications will use zero as a source port when they do not expect a response, which is how many one-way UDP-based apps operate, though not all. This behavior is spelled out in the IETF RFC 768: "Source Port is an optional field, when meaningful, it indicates the port of the sending process, and may be assumed to be the port to which a reply should be addressed in the absence of any other information. If not used, a value of zero is inserted." John
Current thread:
- DDoS using port 0 and 53 (DNS) Frank Bulk (Jul 24)
- Re: DDoS using port 0 and 53 (DNS) Roland Dobbins (Jul 24)
- RE: DDoS using port 0 and 53 (DNS) Frank Bulk (Jul 24)
- Re: DDoS using port 0 and 53 (DNS) Jimmy Hess (Jul 24)
- Re: DDoS using port 0 and 53 (DNS) sthaug (Jul 24)
- Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 24)
- Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 24)
- RE: DDoS using port 0 and 53 (DNS) Frank Bulk (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) Roland Dobbins (Jul 24)
- Re: DDoS using port 0 and 53 (DNS) John Kristoff (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) Joel Maslak (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) Mark Andrews (Jul 25)
- Re: DDoS using port 0 and 53 (DNS) Dobbins, Roland (Jul 25)