TCP and UDP Port 0 - Should an ISP or ITP Block it?

K. Scott Helms kscott.helms at gmail.com
Tue Aug 25 12:27:24 UTC 2020


Job,

Comcast is blocking it.  From the table on that page:

"Port 0 is a reserved port, which means it should not be used by
applications. Network abuse has prompted the need to block this port."

"What about UDP IP fragmentation?"

I'm not sure I follow this.  The IP packet will be fragmented with UDP
inside it.  When the IP packet gets put together the UDP PDU will have
a port number.  It's possible that some packet analyzers or network
gear will improperly "see" a partial UDP flow as port 0 but that's a
mischaracterization of the flow.


Scott Helms




On Tue, Aug 25, 2020 at 8:17 AM Job Snijders <job at ntt.net> wrote:
>
> On Tue, Aug 25, 2020 at 07:27:33AM -0400, K. Scott Helms wrote:
> > I think a fairly easy thing to do is see what other large retail ISPs
> > have done.  Comcast, as an example, lists all of the ports they block
> > and 0 is blocked.  I do recommend that port 0 be blocked by all of the
> > ISPs I work with and frankly Comcast's list is a pretty good one to
> > use in general, though you will get some pushback on things like SMTP.
> >
> > https://www.xfinity.com/support/articles/list-of-blocked-ports
>
> I may be reading the table incorrectly, but it seems to me Comcast is
> *not* blocking UDP port 0 according to the above URL?
>
> > Transit providers are a little bit different, but then again port 0 is
> > also different since AFAIK it's never had a legitimate use case.  It's
> > always been a reserved port.  I'd personally block it if I ran a
> > transit, but I'd be more willing to open it up for one of my large
> > customers (in a limited way) than I would on the retail side.
> >
> > https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
>
> What about UDP IP fragmentation?
>
> Kind regards,
>
> Job
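
Added example, not part of the original thread: a minimal IPv4 classifier showing why a later fragment of a UDP datagram has no port number to read, and how to tell it apart from a datagram that really uses port 0. The function names, the documentation-range addresses and the sample packets are all constructed for illustration.

```python
import struct

UDP = 17

def ipv4(payload, offset=0, more=False, proto=UDP):
    """Constructed 20-byte IPv4 header (checksum left 0) plus payload."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)  # offset is in 8-byte units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                       flags_frag, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def naive_ports(pkt):
    """What a careless tool does: read 4 bytes after the IP header as ports."""
    ihl = (pkt[0] & 0x0F) * 4
    return struct.unpack("!HH", pkt[ihl:ihl + 4])

def classify(pkt):
    """Return (kind, sport, dport); ports are None when no UDP header is present."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ("not-ipv4", None, None)
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    offset, more = (flags_frag & 0x1FFF) * 8, bool(flags_frag & 0x2000)
    if pkt[9] != UDP:
        return ("not-udp", None, None)
    if offset > 0:                       # payload continuation, no UDP header here
        return ("udp-later-fragment", None, None)
    if ihl < 20 or len(pkt) < ihl + 8:
        return ("truncated", None, None)
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if 0 in (sport, dport):
        return ("udp-port-0", sport, dport)
    return ("udp-first-fragment" if more else "udp", sport, dport)

# Constructed sample: one UDP datagram 5000 -> 4000 with 32 zero bytes of data,
# split into two fragments, plus one unfragmented datagram really using port 0.
datagram = struct.pack("!HHHH", 5000, 4000, 8 + 32, 0) + bytes(32)
FIRST = ipv4(datagram[:24], offset=0, more=True)
LATER = ipv4(datagram[24:], offset=24, more=False)
REAL_ZERO = ipv4(struct.pack("!HHHH", 0, 4000, 8, 0))

if __name__ == "__main__":
    for name, pkt in (("first", FIRST), ("later", LATER), ("real0", REAL_ZERO)):
        print(name, "naive:", naive_ports(pkt), "classified:", classify(pkt))
```

The naive reader reports ports (0, 0) for the later fragment only because it interprets payload bytes as a UDP header; a filter keyed on the fragment offset avoids counting that fragment as port 0 traffic.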


