|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Port 0 traffic
On Fri, 8 Apr 2005, Sean Donelan wrote: > > On Fri, 8 Apr 2005, Simon Waters wrote: > > Whilst we are on dross that turns up at DNS servers, how about traffic for > > port 0, surely this could be killed at the routing level as well, anyone got > > any figures for how much port 0 traffic is around? My understanding is it is > > mostly either scanning, or broken firewalls, neither of which are terribly > > desirable things to have on your network, or to ship out to other peoples > > networks. > > Or packet MTU fragmentation. Many security products mis-interpret the > packet header on a fragment and display port "0" instead of port "N/A". > > And just like people who drop all ICMP packets, if you drop all fragments, > stuff breaks in weird ways. But its your network, you can break it any > way you want. <stepping off horsey> Sean makes a good point, 'randomly' dropping traffic that 'seems bad to you' is rarely a good plan :( Hopefully people check to see if the traffic has a use and has some operational validity before just deciding to drop it? Even icmp has it's place in the world... </stepping off horsey>
|