That's correct, I can only blame my lack of coffee at that point for the oversight. I went back and looked at where we have this implemented and it's only TCP.
Scott Helms

On Tue, Aug 25, 2020 at 8:46 AM Job Snijders <j...@ntt.net> wrote:
>
> On Tue, Aug 25, 2020 at 08:27:24AM -0400, K. Scott Helms wrote:
> > Comcast is blocking it. From the table on that page.
> >
> > "Port 0 is a reserved port, which means it should not be used by
> > applications. Network abuse has prompted the need to block this port."
>
> The 'Transport' column seems to indicate that TCP port 0 is blocked, but
> not that UDP port 0 is blocked. I believe there are Comcast people on
> this mailing list, it would be interesting to hear what the
> considerations were to block one but not the other.
>
> > "What about UDP IP fragmentation?"
> >
> > I'm not sure I follow this. The IP packet will be fragmented with UDP
> > inside it. When the IP packet gets put together the UDP PDU will have
> > a port number. It's possible that some packet analyzers or network
> > gear will improperly "see" a partial UDP flow as port 0 but that's a
> > mischaracterization of the flow.
>
> You are absolutely right. There is no layer-4 header in a fragment.
> 'port 0' in netflow/ipfix traffic analyzer tools when displayed may be
> the result of a lack of ability to label it differently in the
> data structures used. "mischaracterization" is a fitting word :-)
>
> Kind regards,
>
> Job
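
The "port 0" labelling discussed in this thread, as an added example that is not part of any message here: a flow-key extractor that records ports as `None` for non-initial IPv4 fragments instead of 0, so traffic that really uses port 0 stays distinguishable. The function names, addresses and packets are constructed for illustration.

```python
import socket
import struct

def ipv4_header(proto, src, dst, payload_len, ident=0, mf=False, frag_offset=0):
    """Build a minimal 20-byte IPv4 header (checksum left 0; constructed test data)."""
    flags_frag = (0x2000 if mf else 0) | (frag_offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_frag, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def flow_key(packet):
    """Return (src, dst, proto, sport, dport, fragment_state) for an IPv4 packet.

    Ports are None, not 0, when the packet carries no layer-4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    flags_frag, = struct.unpack_from("!H", packet, 6)
    more_fragments = bool(flags_frag & 0x2000)
    offset = (flags_frag & 0x1FFF) * 8          # fragment offset in bytes
    proto = packet[9]
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    if offset:
        state = "non-initial-fragment"
    elif more_fragments:
        state = "first-fragment"
    else:
        state = "unfragmented"
    sport = dport = None
    # Only offset 0 holds the TCP/UDP header; the ports are its first 4 bytes.
    if offset == 0 and proto in (6, 17) and len(packet) >= ihl + 4:
        sport, dport = struct.unpack_from("!HH", packet, ihl)
    return (src, dst, proto, sport, dport, state)

# Constructed sample: one UDP datagram (sport 40000, dport 53) split in two.
UDP = struct.pack("!HHHH", 40000, 53, 8 + 24, 0) + b"A" * 24   # 32 bytes
FIRST = ipv4_header(17, "192.0.2.1", "198.51.100.2", 16, ident=7, mf=True) + UDP[:16]
SECOND = ipv4_header(17, "192.0.2.1", "198.51.100.2", 16, ident=7,
                     frag_offset=16) + UDP[16:]
# Constructed sample: an unfragmented UDP packet that really uses source port 0.
REAL_ZERO = ipv4_header(17, "192.0.2.1", "198.51.100.2", 8) + \
    struct.pack("!HHHH", 0, 53, 8, 0)
```

A collector that stores `None` (or a separate fragment flag) can report the second fragment as "fragment of UDP flow, ports unknown" while still counting `REAL_ZERO` as genuine port-0 traffic.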