What's "dropping source port zero packet", attack ?

Barry Margolin barmar at bbnplanet.com
Thu Dec 9 19:06:37 UTC 1999


In article <4.2.2.19991209104905.0130f7d0 at mail.netpacq.com>,
Paul Jacobs  <paul at netpacq.com> wrote:
>There is a remote access program called VNC that by default sets port "0" 
>as the port to listen on..

If you specify port 0 in a call to bind(), it asks the OS to select an
unused high port; this is used by programs like FTP, which need to listen
on a port for the data connection, but don't need to use a well-known port
(the client sends the port to the server via the PORT command).  AFAIK,
there's no way to really listen on port 0.

Any time you see port 0 in a packet on the net, it means that the sender
bypassed the normal TCP or UDP API, e.g. using raw sockets.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.


More information about the bind-users mailing list