TCP and UDP Port 0 - Should an ISP or ITP Block it?

Job Snijders job at ntt.net
Tue Aug 25 12:46:55 UTC 2020


On Tue, Aug 25, 2020 at 08:27:24AM -0400, K. Scott Helms wrote:
> Comcast is blocking it.  From the table on that page.
> 
> "Port 0 is a reserved port, which means it should not be used by
> applications. Network abuse has prompted the need to block this port."

The 'Transport' column seems to indicate that TCP port 0 is blocked, but
not that UDP port 0 is blocked. I believe there are Comcast people on
this mailing list, it would be interesting to hear what the
considerations were to block one but not the other.

> "What about UDP IP fragmentation?"
> 
> I'm not sure I follow this.  The IP packet will be fragmented with UDP
> inside it.  When the IP packet gets put together the UDP PDU will have
> a port number.  It's possible that some packet analyzers or network
> gear will improperly "see" a partial UDP flow as port 0 but that's a
> mischaracterization of the flow.

You are absolutely right. There is no layer-4 header in a fragment.
'port 0' in netflow/ipfix traffic analyzer tools when displayed may be
the result of a lack of ability to label it differently in the
data structures used. "mischaracterization" is a fitting word :-)

Kind regards,

Job
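
Added example, not part of the original message: a small Python classifier showing how a fragment with a non-zero offset (which carries no UDP header) ends up looking like "port 0" once it is stored in a flow record that has only integer port fields. The function names, addresses (documentation ranges) and port numbers are constructed for illustration.

```python
import struct

UDP = 17

def ipv4(payload, offset=0, more=False):
    """Build a minimal IPv4/UDP packet (constructed sample; checksum left 0)."""
    frag = (0x2000 if more else 0) | (offset // 8)  # MF flag + offset in 8-byte units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, frag,
                       64, UDP, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def flow_ports(pkt):
    """Return (kind, sport, dport); ports are None when no layer-4 header exists."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    (frag,) = struct.unpack_from("!H", pkt, 6)
    if frag & 0x1FFF:                      # non-zero fragment offset
        return ("non-first-fragment", None, None)
    if pkt[9] in (6, 17) and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack_from("!HH", pkt, ihl)
        return ("ports", sport, dport)
    return ("no-ports", None, None)

def fixed_width_record(pkt):
    """Flow record with integer-only port fields: 'unknown' collapses to 0."""
    _, sport, dport = flow_ports(pkt)
    return (sport or 0, dport or 0)

# Constructed sample: one UDP datagram (53124 -> 4500) split into two fragments,
# plus a separate datagram genuinely addressed to UDP port 0.
datagram = struct.pack("!HHHH", 53124, 4500, 8 + 32, 0) + bytes(32)
FIRST = ipv4(datagram[:24], offset=0, more=True)
SECOND = ipv4(datagram[24:], offset=24)
REAL_PORT0 = ipv4(struct.pack("!HHHH", 40000, 0, 8, 0))

if __name__ == "__main__":
    for name, pkt in (("first", FIRST), ("second", SECOND), ("port0", REAL_PORT0)):
        print(name, flow_ports(pkt), fixed_width_record(pkt))
```

Keeping the "non-first-fragment" label separate from the port fields is what lets a report tell fragment traffic apart from packets that really carry port 0.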
