[AusNOG] port 0 probes
Mark ZZZ Smith
markzzzsmith at yahoo.com.au
Wed Oct 8 07:05:50 EST 2014
>________________________________
> From: Alex Samad - Yieldbroker <Alex.Samad at yieldbroker.com>
>To: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
>Sent: Tuesday, 7 October 2014, 11:34
>Subject: [AusNOG] port 0 probes
>
>Hi
>
>I am seeing a marked increase in src port 0 and dst port 0 packets. Anyone else seeing this?
>
>I presume this is some sort of probe.
>
>Is there a legal reason to use port 0?
>
So according to the authoritative IANA reference, port zero is a reserved UDP port.
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
However, that might actually be incorrect, as in the UDP spec, port zero is used to indicate when the UDP source port is optional information:
https://www.ietf.org/rfc/rfc768.txt
"Source Port is an optional field, when meaningful, it indicates the port
of the sending process, and may be assumed to be the port to which a
reply should be addressed in the absence of any other information. If
not used, a value of zero is inserted."
The use case I can think of when the source port would be optional is when the UDP "transaction" is one way, i.e., there would be no reply to the first UDP packet, and therefore the source port is redundant information, at least from the perspective of the application. Unacknowledged SNMP traps could be an example.
>A
>_______________________________________________
>AusNOG mailing list
>AusNOG at lists.ausnog.net
>http://lists.ausnog.net/mailman/listinfo/ausnog
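
An added example, not part of the original post: a Python triage function that separates the port 0 cases raised in this thread, UDP source port 0 (which RFC 768 allows as "not used") from destination port 0 (reserved). It goes one step beyond the thread by also flagging non-first IP fragments, which carry no UDP/TCP header at all. The function names, labels and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

UDP, TCP = 17, 6  # IP protocol numbers

def classify_port_zero(pkt: bytes):
    """Label an IPv4 packet's use of port 0; None means no port 0 finding."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4              # IPv4 header length in bytes
    proto = pkt[9]
    if proto not in (UDP, TCP):
        return None
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        # Fragment offset > 0: the bytes after the IP header are payload,
        # not a UDP/TCP header, so there is no port to read.
        return "non-first-fragment"
    if len(pkt) < ihl + 4:
        return "truncated"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if dport == 0:
        return "dst-port-0"                # reserved in the IANA registry
    if sport == 0:
        # RFC 768: zero is inserted when the UDP source port is not used.
        # That allowance is UDP-specific, so TCP gets its own label.
        return "udp-src-unused" if proto == UDP else "tcp-src-port-0"
    return None

def build(proto, sport, dport, frag_offset=0):
    """Constructed test packet: minimal IPv4 header (checksum left 0) + L4 stub."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * (4 if proto == UDP else 16)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, frag_offset,
                     64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + l4

# Constructed samples using documentation address ranges.
SAMPLES = [
    build(UDP, 0, 162),                  # one-way trap-style datagram
    build(UDP, 40000, 0),
    build(UDP, 0, 0),
    build(TCP, 0, 80),
    build(UDP, 0, 0, frag_offset=185),   # later fragment of a large datagram
    build(UDP, 53, 40000),               # ordinary traffic
]

def tally(packets):
    return Counter(classify_port_zero(p) for p in packets)

if __name__ == "__main__":
    for label, count in tally(SAMPLES).items():
        print(label, count)
```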