Most likely someone was trying to do some "passive OS fingerprinting" with
hping2. The default port the hping2 uses is 0. They might have been trying
to map your network or they may have been just poking around.
Neil
""Nurarif W"" <[EMAIL PROTECTED]> wrote in message
009c01c081eb$19cc9730$1600000a@pokemon">news:009c01c081eb$19cc9730$1600000a@pokemon...
> Hi,
>
> Does anyone know what is the purpose of tcp port number 0 ?
> I have an experience catching traffic coming from HTTP server with tcp =
> port number 0 and destinated to any IP address with tcp port number 0. =
> After I put an incoming acces-list that blocked port number 0, a few =
> minute later I saw this packet was never being generated again. The =
> access-list is applied for incoming traffic.
> For example :
>
> access-list 101 deny tcp host HTTPserver eq 0 any log
> access-list 101 deny tcp any any eq 0 log
> access-list 101 deny tcp any eq 0 any log
> access-list 101 permit ip any any
>
> Thank you
>
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
