TCP and UDP Port 0 - Should an ISP or ITP Block it?

K. Scott Helms kscott.helms at gmail.com
Wed Aug 26 12:55:52 UTC 2020


To be clear, UDP port 0 is not and probably shouldn't be blocked
because some network gear and reporting tools may mistake a fragmented
UDP PDU for port 0.  That's an implementation error, but one that may
be common enough to create issues for users.  Blocking inbound TCP
port 0 is something that I've personally done in dozens of ISP
networks over more than a decade without a single reported issue.

Scott Helms


On Tue, Aug 25, 2020 at 7:39 PM narhiro <blackperl.narita9 at gmail.com> wrote:
>
>
> > "Port 0 is a reserved port, which means it should not be used by
> > applications. Network abuse has prompted the need to block this port."
> >
> > "What about UDP IP fragmentation?"
> >
> > I'm not sure I follow this.  The IP packet will be fragmented with UDP
> > inside it.  When the IP packet gets put together the UDP PDU will have
> > a port number.  It's possible that some packet analyzers or network
> > gear will improperly "see" a partial UDP flow as port 0 but that's a
> > mischaracterization of the flow.
> >
> >
> > Scott Helms
> >
> > Scott Helms
> >
> >
> >
> >>> On Tue, Aug 25, 2020 at 8:17 AM Job Snijders <job at ntt.net> wrote:
> >>>
> >>>> On Tue, Aug 25, 2020 at 07:27:33AM -0400, K. Scott Helms wrote:
> >>> I think a fairly easy thing to do is see what other large retail ISPs
> >>> have done.  Comcast, as an example, lists all of the ports they block
> >>> and 0 is blocked.  I do recommend that port 0 be blocked by all of the
> >>> ISPs I work with and frankly Comcast's list is a pretty good one to
> >>> use in general, though you will get some pushback on things like SMTP.
> >>> https://www.xfinity.com/support/articles/list-of-blocked-ports
> >>
> >> I may be reading the table incorrectly, but it seems to me Comcast is
> >> *not* blocking UDP port 0 according to the above URL?
> >>
> >>> Transit providers are a little bit different, but then again port 0 is
> >>> also different since AFAIK it's never had a legitimate use case.  It's
> >>> always been a reserved port.  I'd personally block it if I ran a
> >>> transit, but I'd be more willing to open it up for one of my large
> >>> customers (in a limited way) than I would on the retail side.
> >>> https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
> >>
> >> What about UDP IP fragmentation?
> >>
> >> Kind regards,
> >>
> >> Job

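The thread's point about UDP fragments is easiest to see with a parser. The following is an added example (not code from the thread or from any of its participants): it builds a constructed two-fragment UDP datagram and a constructed TCP segment addressed to port 0, then contrasts a careless "read the two words after the IP header" port lookup with a fragment-aware one, and applies the policy Scott describes (drop inbound TCP port 0, leave UDP alone). All packet contents and the documentation-range addresses are made up for the demonstration.

```python
import struct

IPPROTO_TCP = 6
IPPROTO_UDP = 17


def build_ipv4(proto, payload, ident=0x1234, more_fragments=False, frag_offset=0):
    """Build a minimal IPv4 packet (no options). frag_offset is in bytes and must be
    a multiple of 8. The checksum is left zero: this is for parsing, not sending."""
    assert frag_offset % 8 == 0
    flags_frag = ((1 if more_fragments else 0) << 13) | (frag_offset // 8)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), ident, flags_frag, 64, proto, 0,
        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]),  # constructed addresses
    )
    return header + payload


def naive_ports(pkt):
    """The implementation error from the thread: treat the first four bytes after
    the IP header as ports regardless of whether this is the first fragment."""
    ihl = (pkt[0] & 0x0F) * 4
    return struct.unpack("!HH", pkt[ihl:ihl + 4])


def parse_packet(pkt):
    """Fragment-aware parse. Only the first fragment (offset 0) carries the
    transport header, so later fragments get sport/dport = None, not 0."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_frag, ttl, proto = struct.unpack("!HHHBB", pkt[2:10])
    info = {
        "proto": proto,
        "ident": ident,
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,
        "sport": None,
        "dport": None,
    }
    if info["frag_offset"] == 0 and proto in (IPPROTO_TCP, IPPROTO_UDP) and len(pkt) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return info


def should_block_inbound(pkt):
    """Policy as stated in the thread: drop inbound TCP with source or destination
    port 0; never drop UDP on the basis of port 0; never judge a non-first
    fragment by payload bytes that are not a transport header."""
    info = parse_packet(pkt)
    if info["proto"] != IPPROTO_TCP or info["sport"] is None:
        return False
    return info["sport"] == 0 or info["dport"] == 0


# Constructed samples, not captured traffic.
# A DNS-style UDP datagram (sport 53 -> dport 33434) split into two fragments:
UDP_HDR = struct.pack("!HHHH", 53, 33434, 8 + 1600, 0)
FRAG1 = build_ipv4(IPPROTO_UDP, UDP_HDR + b"A" * 1472, more_fragments=True, frag_offset=0)
FRAG2 = build_ipv4(IPPROTO_UDP, b"\x00" * 128, more_fragments=False, frag_offset=1480)
# A TCP SYN from port 40000 to destination port 0:
TCP_HDR = struct.pack("!HHIIBBHHH", 40000, 0, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
TCP_PORT0 = build_ipv4(IPPROTO_TCP, TCP_HDR)

if __name__ == "__main__":
    for name, pkt in (("UDP frag 1", FRAG1), ("UDP frag 2", FRAG2), ("TCP dport 0", TCP_PORT0)):
        print(name, "naive ports:", naive_ports(pkt),
              "parsed:", parse_packet(pkt), "block:", should_block_inbound(pkt))
```

Running it shows the second UDP fragment reported as port 0/0 by the naive lookup, while the fragment-aware parse leaves its ports unknown and only the TCP segment to port 0 is dropped.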

