[unisog] anyone else seeing lots of popup spam/malware?
jtk at northwestern.edu
Fri Oct 28 02:35:07 GMT 2005
On Wed, 26 Oct 2005 10:18:44 -0500 (EST)
John Rowan Littell <littejo at earlham.edu> wrote:
> Is there any good reason not to block UDP port 0 packets on general
>From RFC 768:
Source Port is an optional field, when meaningful, it indicates the port
of the sending process, and may be assumed to be the port to which a
reply should be addressed in the absence of any other information. If
not used, a value of zero is inserted.
UDP packets with src port = 0 are widely used. Furthermore, depending
on how something classifies a packet, a port may appear to be zero when
in fact the packet is just a fragment (e.g. Netflow is known to do this).
More information about the unisog