Even more unusual traffic

• Previous message (by thread): Unusual Traffic
• Next message (by thread): Even more unusual traffic
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I apologize for sending three messages, but in the review of our access-list
violations, I have discovered even more odd and unusual traffic...

Oct 13 11:49:03 protecting.router.ip.address 46: %SEC-6-IPACCESSLOGP: list
102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 3 packets
Oct 13 11:54:03 protecting.router.ip.address 48: %SEC-6-IPACCESSLOGP: list
102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 3 packets
Oct 13 13:49:06 protecting.router.ip.address 50: %SEC-6-IPACCESSLOGP: list
102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 2 packets
Oct 13 13:54:07 protecting.router.ip.address 52: %SEC-6-IPACCESSLOGP: list
102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 2 packets

IANA lists port 0 as reserved (failing to note what it is reserved for), so
why am I seeing this traffic in the wild?  What is its function, both as a
source port and a destination port?  And more importantly, why is someone
trying to access it on my primary DNS server?

Your help is appreciated...

Jesse Whyte
Security Analyst
Office of Information Resources
State of Tennessee
(615)741-8651

• Previous message (by thread): Unusual Traffic
• Next message (by thread): Even more unusual traffic
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]