Port 0 traffic

Christopher L. Morrow christopher.morrow at mci.com
Sat Apr 9 03:26:28 UTC 2005



On Fri, 8 Apr 2005, Sean Donelan wrote:

>
> On Fri, 8 Apr 2005, Simon Waters wrote:
> > Whilst we are on dross that turns up at DNS servers, how about traffic for
> > port 0, surely this could be killed at the routing level as well, anyone got
> > any figures for how much port 0 traffic is around? My understanding is it is
> > mostly either scanning, or broken firewalls, neither of which are terribly
> > desirable things to have on your network, or to ship out to other peoples
> > networks.
>
> Or packet MTU fragmentation.  Many security products mis-interpret the
> packet header on a fragment and display port "0" instead of port "N/A".
>
> And just like people who drop all ICMP packets, if you drop all fragments,
> stuff breaks in weird ways.  But its your network, you can break it any
> way you want.

<stepping off horsey>

Sean makes a good point, 'randomly' dropping traffic that 'seems bad to
you' is rarely a good plan :( Hopefully people check to see if the traffic
has a use and has some operational validity before just deciding to drop
it? Even icmp has it's place in the world...

 </stepping off horsey>



More information about the NANOG mailing list