Terry Lee Moore wrote:
>
> > Date: Wed, 19 Jul 2000 13:58:32 -0500
> > From: "Gary Maltzen" <[EMAIL PROTECTED]>
> > Subject: denying tcp/0
>
> > I keep seeing (and denying) tcp packets with both source and destination
> > port zero; can somebody tell me what purpose these serve?
>
> Gary,
> tcp port 0 on a Cisco router is a bug.
Ah, somebody else has seen this too :)
I had to specifically allow port 0 to get some applications and
systems working...primarily those associated with RPC. This was even
though I had tcp port-specific filtering rules in the access list.
Back to the original question:
I've seen people mention that scanners like nmap use the slightly
different responses to port 0 connection attempts to identify
operating systems.
> And finally, another example from Cisco:
>
> > Here are some other examples:
>
> > access-list 111 permit tcp any gt 0 any gt 0 log
> > access-list 111 permit udp any gt 0 any gt 0 log
> > access-list 111 permit ip any any 0 log
I'd limit this to only the applications and systems that need it.
Blanket permits make me nervous...particularly when associated with
a bug. :)
Gary Flynn
Security Engineer - Technical Services
James Madison University
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
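The filtering approach Gary describes (a narrow permit for the RPC hosts that genuinely need port 0, and a logged deny for every other zero-port packet, with Cisco's `permit tcp any gt 0 any gt 0` entry underneath) can be modelled offline. The following is an added example written for this page, not code from the thread or from Cisco. It builds a few IPv4/TCP and UDP packets from scratch with `struct` (constructed samples, not captured traffic), parses them back, and evaluates them against a first-match, IOS-style ACL. The networks `10.0.0.0/24`, `10.0.1.5/32` and the outside host `192.0.2.9` are hypothetical stand-ins; the rule tuple format and the `port_matches` operators are this example's own modelling of `eq`/`gt`/`lt`, not an IOS API.

```python
"""ACL-style filtering of port-0 packets (added example; not from the thread).

The sample packets are constructed with struct, not captured traffic, and the
hosts 10.0.0.0/24 and 10.0.1.5 are hypothetical stand-ins for the RPC systems
that needed port 0 allowed.
"""
import ipaddress
import struct

IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte IPv4 header, no options
TCP_HDR = "!HHIIBBHHH"       # 20-byte TCP header, no options
PROTO_TCP, PROTO_UDP = 6, 17


def build_packet(src, dst, sport, dport, proto=PROTO_TCP, flags=0x02):
    """Build a minimal IPv4 packet carrying a TCP (default, SYN) or UDP header; checksums stay zero."""
    if proto == PROTO_TCP:
        l4 = struct.pack(TCP_HDR, sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)   # UDP: sport, dport, length, checksum
    ip = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + l4


def parse_packet(raw):
    """Return (src, dst, proto, sport, dport); ports are None when the payload is not TCP/UDP."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack(IPV4_HDR, raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    sport = dport = None
    if proto in (PROTO_TCP, PROTO_UDP):
        if len(raw) < ihl + 4:
            raise ValueError("truncated transport header")
        sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return (str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)), proto, sport, dport)


def port_matches(op, port):
    """IOS-style port operator: None = any port, ('eq', n), ('gt', n) or ('lt', n)."""
    if op is None:
        return True
    if port is None:            # a packet with no ports (e.g. ICMP) never satisfies a port operator
        return False
    name, n = op
    return {"eq": port == n, "gt": port > n, "lt": port < n}[name]


# One ACL entry: (action, proto, src_net, src_port_op, dst_net, dst_port_op, log).
# proto "ip" matches any IP protocol, as in IOS.  Evaluation is first-match.
RPC_ACL = [
    # Narrow, logged permit for the hypothetical RPC hosts that need port 0.
    ("permit", PROTO_TCP, "10.0.0.0/24", ("eq", 0), "10.0.1.5/32", ("eq", 0), True),
    # Any other packet with a zero source or destination port is dropped and logged.
    ("deny", "ip", "0.0.0.0/0", ("eq", 0), "0.0.0.0/0", None, True),
    ("deny", "ip", "0.0.0.0/0", None, "0.0.0.0/0", ("eq", 0), True),
    # Cisco's example from the thread: 'permit tcp any gt 0 any gt 0' (any port except 0).
    ("permit", PROTO_TCP, "0.0.0.0/0", ("gt", 0), "0.0.0.0/0", ("gt", 0), False),
    # The implicit deny at the end of every IOS ACL, made explicit and logged here.
    ("deny", "ip", "0.0.0.0/0", None, "0.0.0.0/0", None, True),
]


def evaluate(acl, raw, log):
    """Return (action, rule_index) for the first matching rule; append a line to log if it says so."""
    src, dst, proto, sport, dport = parse_packet(raw)
    for idx, (action, rproto, snet, sop, dnet, dop, do_log) in enumerate(acl):
        if rproto != "ip" and rproto != proto:
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(snet):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(dnet):
            continue
        if not port_matches(sop, sport) or not port_matches(dop, dport):
            continue
        if do_log:
            log.append(f"rule {idx} {action} proto {proto} {src}({sport}) -> {dst}({dport})")
        return action, idx
    return "deny", None   # unreachable with the explicit final deny; kept as a safe default


def run_samples():
    """Feed constructed packets through RPC_ACL; returns ([(label, action, rule_index)], log_lines)."""
    log = []
    samples = [
        ("rpc host, port 0 both ends", build_packet("10.0.0.7", "10.0.1.5", 0, 0)),
        ("outside host, port 0 both ends", build_packet("192.0.2.9", "10.0.1.5", 0, 0)),
        ("normal syn to 80", build_packet("192.0.2.9", "10.0.1.5", 40000, 80)),
        ("zero dst port only", build_packet("192.0.2.9", "10.0.1.5", 40000, 0)),
        ("udp zero src port", build_packet("192.0.2.9", "10.0.1.5", 0, 53, proto=PROTO_UDP)),
    ]
    results = [(label, *evaluate(RPC_ACL, pkt, log)) for label, pkt in samples]
    return results, log


if __name__ == "__main__":
    results, log = run_samples()
    for r in results:
        print(r)
    print("\n".join(log))
```

Only the first sample reaches the narrow permit; the other zero-port packets, TCP or UDP, fall through to the logged deny entries before Cisco's `gt 0` line is consulted, which is the ordering that keeps a blanket permit from quietly covering the port-0 traffic.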