DDoS using port 0 and 53 (DNS)
John Kristoff
jtk at cymru.com
Wed Jul 25 14:43:43 UTC 2012
On Tue, 24 Jul 2012 23:10:52 -0500
Jimmy Hess <mysidia at gmail.com> wrote:
> It should be relatively safe to drop (non-fragment) packets to/from
> port 0.
[...]
Some UDP applications will use zero as a source port when they do not
expect a response, which is how many one-way UDP-based apps operate,
though not all. This behavior is spelled out in the IETF RFC 768:
"Source Port is an optional field, when meaningful, it indicates the
port of the sending process, and may be assumed to be the port to
which a reply should be addressed in the absence of any other
information. If not used, a value of zero is inserted."
John
More information about the NANOG
mailing list