DDoS using port 0 and 53 (DNS)

John Kristoff jtk at cymru.com
Wed Jul 25 14:43:43 UTC 2012

On Tue, 24 Jul 2012 23:10:52 -0500
Jimmy Hess <mysidia at gmail.com> wrote:

> It should be relatively safe to drop  (non-fragment)  packets to/from
> port 0.

Some UDP applications will use zero as a source port when they do not
expect a response, which is how many one-way UDP-based apps operate,
though not all.  This behavior is spelled out in the IETF RFC 768:

  "Source Port is an optional field, when meaningful, it indicates the
  port of the sending  process,  and may be assumed  to be the port to
  which a reply should  be addressed  in the absence of any other
  information.  If not used, a value of zero is inserted."


More information about the NANOG mailing list