[unisog] anyone else seeing lots of popup spam/malware?

Karyn Williams karyn at calarts.edu
Wed Oct 26 16:59:59 GMT 2005


At 09:40 AM 10/26/05 -0700, you wrote:
>	One point of interest, they seem to only be targetting our class B (we
>also have around 16 Cs spread around various ranges). I just added a permit
>but log access list in my border router which should tell me if there is any
>legit traffic to udp port 0 (I doubt it, but we will see) and if not an 
>inbound block is in order on general principles.
>
>Peter Van Epp / Operations and Technical Support 
>Simon Fraser University, Burnaby, B.C. Canada
>_______________________________________________
>unisog mailing list
>unisog at lists.sans.org
>http://www.dshield.org/mailman/listinfo/unisog
>

There will not be any legit traffic sourced or destined with a port of 0
either UDP or TCP. It is offically a reserved port. A source port from a
client should be in the range of 1025-65535. 

The range for assigned ports managed by the IANA is 0-1023.

The Registered Ports are in the range 1024-49151.


http://www.iana.org/assignments/port-numbers

 
-- 

Karyn Williams
Network Services Manager
California Institute of the Arts
karyn at calarts.edu
http://www.calarts.edu/network


More information about the unisog mailing list