There really isn't any significance to the 'port 0' part of the log entry
because ICMP is not TCP or UDP and does not have the concept of a port
number.

It will all depend on the ICMP packet types to know what the potential
attacker was attempting.  If they were just ICMP echo requests (i.e.
pings), they may have been attempting to see if certain IPs were being
used in your organization.  

-Jason

On Wed, 15 Dec 1999, Edy - UOL wrote:

> Date: Wed, 15 Dec 1999 15:27:05 -0200
> From: Edy - UOL <[EMAIL PROTECTED]>
> To: firewall-lista <[EMAIL PROTECTED]>
> Subject: Something about port 0
> 
> Hello all,
> 
> 
> In my log files, I am seeing an IP address that sends me many ICMP packets
> to search my network 200.224.x.1 to 200.224.x.255 on port 0 (zero).
> 
> What does this look like? Is this an ICMP attack to discover which servers are
> in this network?
> 
> Thx all,
> 
> Edy Rojas.
> 
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 


AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
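
An added example, not part of the original thread: detection logic for the pattern discussed above. It ignores the port field, groups ICMP log entries by type, and flags a source that sends probe-type requests to many distinct addresses. The log format, the documentation-range addresses and the 16-host threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

ICMP_TYPES = {0: "echo-reply", 3: "dest-unreachable", 8: "echo-request",
              11: "time-exceeded", 13: "timestamp-request", 17: "mask-request"}
# Request types that elicit a reply from a live host, so they can map a network.
PROBE_TYPES = {8, 13, 17}

# Hypothetical firewall log format; "type=" is only present on ICMP entries.
LINE_RE = re.compile(
    r"proto=(?P<proto>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"port=(?P<port>\d+)(?: type=(?P<type>\d+))?")


def build_sample_log():
    """Constructed log lines; ICMP entries show port=0 because ICMP has no ports."""
    # One source sending echo requests to 40 different hosts.
    lines = [f"deny proto=icmp src=198.51.100.7 dst=192.0.2.{h} port=0 type=8"
             for h in range(1, 41)]
    # One source pinging a single host repeatedly (e.g. monitoring).
    lines += ["allow proto=icmp src=203.0.113.5 dst=192.0.2.10 port=0 type=8"] * 30
    lines.append("deny proto=icmp src=203.0.113.9 dst=192.0.2.3 port=0 type=3")
    lines.append("allow proto=tcp src=203.0.113.5 dst=192.0.2.10 port=80")
    return lines


def find_sweeps(lines, min_hosts=16):
    """Return {(src, type name): distinct destination count} for likely sweeps."""
    targets = defaultdict(set)  # (src, icmp type) -> distinct destinations
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["proto"] != "icmp" or m["type"] is None:
            continue  # non-ICMP or unparsable; the port value is never consulted
        icmp_type = int(m["type"])
        if icmp_type in PROBE_TYPES:
            targets[(m["src"], icmp_type)].add(m["dst"])
    return {(src, ICMP_TYPES[t]): len(dsts)
            for (src, t), dsts in targets.items() if len(dsts) >= min_hosts}


if __name__ == "__main__":
    for (src, kind), count in find_sweeps(build_sample_log()).items():
        print(f"{src}: {kind} to {count} distinct hosts (possible sweep)")
```

Counting distinct destinations rather than packets keeps a host that pings one address repeatedly from being reported as a sweep.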
