Thread: Port 0?
-
09-10-2003, 11:50 AM #1 Junior Guru Wannabe
- Join Date
- Jun 2003
- Location
- California
- Posts
- 51
Port 0?
I was wondering if anyone knew of something that exploits port 0 of a machine or firewall.
My server was attacked yesterday and at first it denied the port 0 probes/attacks, but after a while it suddenly started allowing them, which I think is just bizarre.
Any information would be appreciated. Thanks!
-
09-10-2003, 12:02 PM #2 Web Hosting Master
- Join Date
- Jun 2003
- Posts
- 673
I don't know of any services that use TCP or UDP port 0, and RFC 943 says that port 0 is reserved (and can't be used for anything). There should be nothing there to exploit.
-
09-10-2003, 12:04 PM #3 Web Hosting Master
- Join Date
- Jun 2003
- Posts
- 673
See also this page.
-
09-10-2003, 12:20 PM #4 Junior Guru Wannabe
- Join Date
- Jun 2003
- Location
- California
- Posts
- 51
I was aware that it is supposed to be reserved, which confuses me. The source port and destination port are 0. So something strange is going on.
I read something about P2P software using that port. There aren't any of those on this server though. I also want to point out that it's a firewall that is being attacked (a fairly expensive one too!).
Now from that link it said that in Unix you could specify 0 and it would find the next available port. I'm not sure if this firewall would react the same way, but maybe it started accepting the probes/attacks because it was going up to port 80...
Still confusing.
-
09-10-2003, 01:23 PM #6 Web Hosting Master
- Join Date
- Jun 2003
- Posts
- 673
No, the procedure that the article mentions is unrelated. It's only used when you're writing a program that needs to bind to an unprivileged port (for an outgoing connection).
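The bind-to-port-0 behaviour discussed in post #6, as an added example that is not part of the original thread: both ends of a loopback TCP connection ask for port 0, and the code reports the ports the kernel actually assigned and the ports each side sees for its peer. The function name and the use of 127.0.0.1 are assumptions made for this illustration.

```python
import socket


def bind_port_zero_roundtrip(host="127.0.0.1", timeout=5.0):
    """Bind a listener and a client to port 0 and report the real ports.

    Port 0 in bind() is a request to the kernel ("pick any free port"),
    not a port number that is placed in the TCP header.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.settimeout(timeout)
        srv.bind((host, 0))          # kernel chooses the listening port here
        srv.listen(1)
        listen_port = srv.getsockname()[1]

        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(timeout)
            cli.bind((host, 0))      # the outgoing-connection case from the post
            client_port = cli.getsockname()[1]
            cli.connect((host, listen_port))

            conn, peer = srv.accept()
            with conn:
                return {
                    "listen_port": listen_port,
                    "client_port": client_port,
                    # What each side observes for the other end of the
                    # connection, i.e. the values carried in the packets.
                    "client_port_seen_by_server": peer[1],
                    "server_port_seen_by_client": cli.getpeername()[1],
                }


if __name__ == "__main__":
    for name, port in bind_port_zero_roundtrip().items():
        print(f"{name}: {port}")
```
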
-
09-10-2003, 04:43 PM #7 Newbie
- Join Date
- Aug 2003
- Location
- Sweden
- Posts
- 26
More information on port 0:
http://www.securiteam.com/securityre...XP0Q2AAKS.html