DDoS using port 0 and 53 (DNS)

• Previous message (by thread): DDoS using port 0 and 53 (DNS)
• Next message (by thread): DDoS using port 0 and 53 (DNS)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 24 Jul 2012 23:10:52 -0500
Jimmy Hess <mysidia at gmail.com> wrote:

> It should be relatively safe to drop  (non-fragment)  packets to/from
> port 0.
[...]

Some UDP applications will use zero as a source port when they do not
expect a response, which is how many one-way UDP-based apps operate,
though not all.  This behavior is spelled out in the IETF RFC 768:

  "Source Port is an optional field, when meaningful, it indicates the
  port of the sending  process,  and may be assumed  to be the port to
  which a reply should  be addressed  in the absence of any other
  information.  If not used, a value of zero is inserted."

John

• Previous message (by thread): DDoS using port 0 and 53 (DNS)
• Next message (by thread): DDoS using port 0 and 53 (DNS)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]