TCP and UDP Port 0 - Should an ISP or ITP Block it?

Jon Lewis jlewis at lewis.org
Tue Aug 25 12:13:59 UTC 2020


On Tue, 25 Aug 2020, Douglas Fischer wrote:

> I think that the subject of the e-mail is very self-explanatory.
> 
> With some analysis of what is running over our network, ISP or ITP, we will be able to see some TCP/UDP(mostly
> UDP) packets with source or destination to port 0.
> 
> I can think of a genuine use of it.
> (Maybe someone could help me see what I'm not seeing.)
> 
> So I have two questions:
> 
> a) Should an ISP block that kind of traffic?
> (like anti-spoofing on BNG/B-RAS)
> 
> b) Should a Transit Provider block that kind of traffic?

When an application sends more data via UDP than can be fit in a single 
packet, only the first packet has a UDP header [where the port info is 
stored].  The rest of the fragments have no UDP header, which most things 
will report as UDP src/dst port = 0.  That traffic may be totally 
legitimate, so I would say, as an ISP/Transit Provider, you probably 
wouldn't want to just block all UDP port 0 traffic.

For each link in your network where you have the ability, you might 
profile and then police UDP traffic, especially the ports commonly seen in 
reflection DDoS attacks (and port 0).

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  StackPath, Sr. Neteng       |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
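
Added example, not part of the original post: a Python sketch of the distinction the reply draws, separating non-initial UDP fragments (which carry no UDP header and are commonly reported as port 0) from packets whose UDP header really contains port 0. The packet builder, the labels, and the sample addresses and ports are constructed for illustration.

```python
import socket
import struct
from collections import Counter

UDP = 17  # IPv4 protocol number for UDP

def classify_udp(packet):
    """Return (label, sport, dport); ports are None when no UDP header is present."""
    ver_ihl, _, _, _, flags_frag, _, proto = struct.unpack("!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4 or proto != UDP:
        return ("not-ipv4-udp", None, None)
    ihl = (ver_ihl & 0x0F) * 4                 # IP header length in bytes
    more_fragments = bool(flags_frag & 0x2000)  # MF flag
    offset = (flags_frag & 0x1FFF) * 8          # fragment offset is in 8-byte units
    if offset > 0:
        # Non-initial fragment: what follows the IP header is datagram payload,
        # not a UDP header, so there are no ports to read.
        return ("non-initial-fragment", None, None)
    if len(packet) < ihl + 8:
        return ("truncated", None, None)
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if sport == 0 or dport == 0:
        return ("literal-port-0", sport, dport)
    return ("first-fragment" if more_fragments else "unfragmented", sport, dport)

def profile(packets):
    """Count packets per label, as a starting point for profiling a link."""
    return Counter(classify_udp(p)[0] for p in packets)

def build_ipv4(flags_frag, payload, src="192.0.2.1", dst="198.51.100.2"):
    """Build a constructed IPv4/UDP packet (checksum left 0; parsing ignores it)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      flags_frag, 64, UDP, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed samples: one 32-byte UDP datagram split into two fragments,
# a packet whose UDP header really says port 0, and an ordinary packet.
SAMPLES = {
    "first": build_ipv4(0x2000, struct.pack("!HHHH", 53124, 4500, 32, 0) + b"A" * 16),
    "second": build_ipv4(3, b"A" * 8),  # offset 3 * 8 = 24 bytes, MF clear
    "literal": build_ipv4(0, struct.pack("!HHHH", 0, 0, 8, 0)),
    "normal": build_ipv4(0, struct.pack("!HHHH", 40000, 53, 8, 0)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify_udp(pkt))
    print(dict(profile(SAMPLES.values())))
```
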


More information about the NANOG mailing list