[unisog] anyone else seeing lots of popup spam/malware?

John Kristoff jtk at northwestern.edu
Fri Oct 28 02:35:07 GMT 2005


On Wed, 26 Oct 2005 10:18:44 -0500 (EST)
John Rowan Littell <littejo at earlham.edu> wrote:

> Is there any good reason not to block UDP port 0 packets on general
> principle?

>From RFC 768:

  Source Port is an optional field, when meaningful, it indicates the port
  of the sending  process,  and may be assumed  to be the port  to which a
  reply should  be addressed  in the absence of any other information.  If
  not used, a value of zero is inserted.

UDP packets with src port = 0 are widely used.  Furthermore, depending
on how something classifies a packet, a port may appear to be zero when
in fact the packet is just a fragment (e.g. Netflow is known to do this).

John



More information about the unisog mailing list