On Wed, 2 Feb 2005 18:59:17 +0100 Sven Uebelacker <[EMAIL PROTECTED]> wrote:
> Can you specify the protocol? For TCP and UDP it is a reserved port not to > be used (RFC 1700). In case it's UDP Port 0 see: UDP source port 0 is valid in many cases. RFC 768 says this: Source Port is an optional field, when meaningful, it indicates the port of the sending process, and may be assumed to be the port to which a reply should be addressed in the absence of any other information. If not used, a value of zero is inserted. In addition, depending on how you examine packets, fragments may look like port 0 to some apps. You probably wouldn't want to filter those. > "Recommendations: > Although port 0 is a valid TCP / UDP port number, it is highly recommend > that one should block any traffic using this port at your firewall. No > program should be listening on port 0 and no program should connect from > port 0 thus it should be blocked. " That's a poorly researched recommendation. John _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
