[Shorewall-users] What sort of traffic is this?

Bear bear@amberorder.com
Wed, 2 Jan 2002 04:27:20 -0800

Hi guys, thought maybe someone would know this off the top of their heads...

What are seemingly legitimate hosts (this one resolves to AskJeeves) doing
trying to UDP to port 0?  And always with a SPT of 53?

There aren't too many of these in the logs, so it doesn't seem like DNS, and
the connection list shows no connections to the related address.

And if it's a legitimate entry, why can't I find anything for port 0 in the
various RFCs?

Log entry:
Jan  2 03:27:56 net2all:DROP:IN=eth0 OUT=eth1 SRC=
DST= LEN=64 TOS=0x00 PREC=0x00 TTL=1 ID=32523 PROTO=UDP SPT=53
DPT=0 LEN=44

John Stroud
Someday I'll make a real sig

Tracking #: 2E94C06212BCC54EBAF57D6BA0F7FF1AE43A8EE3