hping and hping2 default to playing off port 0, though they can be
directed to use a more real port for play.

Thanks,

Ron DuFresne

On Thu, 20 Jul 2000, Gary Flynn wrote:

> Terry Lee Moore wrote:
> > 
> > > Date: Wed, 19 Jul 2000 13:58:32 -0500
> > > From: "Gary Maltzen" <[EMAIL PROTECTED]>
> > > Subject: denying tcp/0
> > 
> > > I keep seeing (and denying) tcp packets with both source and destination
> > > port zero; can somebody tell me what purpose these serve?
> > 
> > Gary,
> >     tcp port 0 on a Cisco router is a bug. 
> 
> Ah, somebody else has seen this too :)
> 
> I had to specifically allow port 0 to get some applications and
> systems working...primarily those associated with RPC. This even
> though I had tcp port specific filtering rules in the access list.
> 
> Back to the original question:
> 
> I've seen people mention that scanners like nmap use the slightly
> different responses to port 0 connection attempts to identify
> operating systems.
> 
> > And finally, another example from Cisco:
> > 
> > > Here are some other examples:
> > 
> > > access-list 111 permit tcp any gt 0 any gt 0 log
> > > access-list 111 permit udp any gt 0 any gt 0 log
> > > access-list 111 permit ip any any 0 log
> 
> I'd limit this to only the applications and systems that need it.
> Blanket permits make me nervous...particularly when associated with
> a bug. :)
> 
> Gary Flynn
> Security Engineer - Technical Services
> James Madison University
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
