[unisog] Port 0

Stephen Gill gillsr at cymru.com
Thu Oct 27 16:03:29 GMT 2005


For a recommended subset of ICMP filtering, see:

    <http://www.cymru.com/Documents/icmp-messages.html>

Cheers,
-- steve

> From: Ken Connelly <Ken.Connelly at uni.edu>
> Reply-To: "UNIversity Security Operations Group <unisog at lists.sans.org>"
> <unisog at lists.sans.org>
> Date: Thu, 27 Oct 2005 10:46:00 -0500
> To: "UNIversity Security Operations Group <unisog at lists.sans.org>"
> <unisog at lists.sans.org>
> Subject: Re: [unisog] Port 0
> 
> ICMP doesn't have a port associated with it.  ICMP packets have a type
> and often a code, but not a port.  See
> http://www.iana.org/assignments/icmp-parameters for details.
> 
> And it wouldn't be a good thing to simply block all ICMP packets.
> 
> - ken
> 
> Christensen, Eric wrote:
> 
>> I was reviewing my firewall logs this morning and found a few packets going
>> to and from port 0.  Apparently they were ICMP packets.  I think that is
>> probably legitimate but I'm thinking that many computers might accept these
>> packets thinking they are legit when they are really attacks.  If they are
>> just ICMP packets you could just block them.  Right?
>> 
>> Thanks,
>> Eric Christensen
>> Technology Support Specialist
>> 
>> ECU Police Department
>> 608C E 10th St
>> Greenville NC 27858-4353
>> http://www.ecu.edu/police
>> 
>> EMERGENCY DIAL 911
>> (252)328-1155 - Office
>> (252)328-6787 - 911 Communications
>> (252)328-6965 - Fax
>>  
>> 
>> ------------------------------------------------------------------------
>> 
>> _______________________________________________
>> unisog mailing list
>> unisog at lists.sans.org
>> http://www.dshield.org/mailman/listinfo/unisog
>>  
>> 
> 
> -- 
> - Ken
> =================================================================
> Ken Connelly Systems and Operations Manager, ITS Network Services
> University of Northern Iowa           Cedar Falls, IA  50614-0121
> email: Ken.Connelly at uni.edu
> phone: (319) 273-5850   fax: (319) 273-7373
> 
> It's much more important to know what you don't know than what you do know!
> 
> 
> 
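
The distinction Ken draws in the quoted reply, as an added example that is not part of the original thread: a minimal IPv4 parser that reports ICMP by type and code and prints ports only for TCP and UDP. It goes slightly beyond the thread by also handling non-first fragments, which carry no transport header; the function names, addresses and packets are constructed for illustration.

```python
import struct

# A few type names from the IANA icmp-parameters registry cited in the thread.
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}

def describe(packet: bytes) -> str:
    """Summarise one IPv4 packet; ports appear only where the protocol has them."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4               # IP header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated packet")
    proto = packet[9]
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset:                             # later fragment: no L4 header here
        return f"{src} > {dst} proto={proto} fragment"
    l4 = packet[ihl:ihl + 4]
    if proto == 1:                              # ICMP: type and code, never ports
        name = ICMP_TYPES.get(l4[0], "unlisted")
        return f"{src} > {dst} icmp type={l4[0]} ({name}) code={l4[1]}"
    if proto in (6, 17):                        # TCP/UDP: source and destination port
        sport, dport = struct.unpack("!HH", l4)
        return f"{src}:{sport} > {dst}:{dport} {'tcp' if proto == 6 else 'udp'}"
    return f"{src} > {dst} proto={proto}"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed sample packet (documentation addresses, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

# Constructed samples: echo request, port unreachable, and a UDP datagram.
ECHO = ipv4(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))
UNREACH = ipv4(1, struct.pack("!BBHI", 3, 3, 0, 0))
UDP = ipv4(17, struct.pack("!HHHH", 53, 33434, 8, 0))

if __name__ == "__main__":
    for pkt in (ECHO, UNREACH, UDP):
        print(describe(pkt))
```
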



