You didn't mention what sort of packet -- TCP, UDP, ICMP? Try poking through
whitehats.com. The arachNIDS database has a lot of good information about
what various ports are used for.
Sometimes, port 0 is a signature scan. They are looking to see what OS you
are running. Again, what protocol did you see coming in?
Ric Messier
Network Security Analyst
GTE Internetworking
powered by BBN
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
> Sent: Thursday, January 13, 2000 8:48 PM
> To: Jon Earle
> Cc: [EMAIL PROTECTED]
> Subject: Re: Port 0
>
>
> i have a similar query sometime ago on this list too...a summary of what i
> have gathered from all helpful responses:
>
> In general, port 8 is unassigned and port 0 is reserved, as noted
> in IANA's
> port listing, which can be found at http://www.iana.org
>
> 2 possibilities. It could be the person sourcing from port 8 is trying to
> spoof an IP address, since the destination is port 0, and he's sourcing
> from an unassigned port no less. But it's most likely an ICMP request (See
> www.robertgraham.com/pub/firewall-seen.html for more details)
>
>
>
>
>
> Jon Earle <[EMAIL PROTECTED]> on 14/01/2000 05:24:32 AM
>
> To: [EMAIL PROTECTED]
> cc: (bcc: Tan Hwee Cher/SPH)
> Subject: Port 0
>
>
>
>
> Why would someone send a packet to port 0 on my box? What is port 0?
> Running RedHat Linux 6.1.
>
> Cheers!
> Jon
> -----------------------------------------------------------------
> Jon Earle (613) 612-0946 (Cell)
> HUB Computer Consulting Inc. (613) 830-1499 (Office)
> http://www.hubcc.ca 1-888-353-7272 (Within Canada/US)
>
> "God does not subtract from one's alloted time on Earth,
> those hours spent flying." --Unknown
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
