What's "dropping source port zero packet", attack ?
C.S.Chen
cschen at ns1.NCTU.edu.tw
Thu Dec 9 01:44:00 UTC 1999
Hi,
What's the meaning of the following messages ?
s/w: BIND 8.2.2-P5.
---------------------------------------------------------------------
09-Dec-1999 09:22:36.190 notice: dropping source port zero packet from [63.224.10.78].0
08-Dec-1999 17:30:07.256 notice: dropping source port zero packet from [63.224.10.78].0 08-Dec-1999 17:30:43.263 notice: dropping source port zero packet
from [63.224.10.78].0
08-Dec-1999 06:36:18.818 notice: dropping source port zero packet from [207.91.15.26].0
08-Dec-1999 06:36:20.820 notice: dropping source port zero packet from [207.91.15.26].0
08-Dec-1999 06:36:23.837 notice: dropping source port zero packet from [207.91.15.26].0
---------------------------------------------------------------------
Some DoS attack ?
Here is the related part from the BIND source code,
ns_main.c
==============
/* Drop UDP packets from port zero. They are invariable forged. */
if (qsp == NULL && ntohs(from.sin_port) == 0) {
ns_notice(ns_log_security,
"dropping source port zero packet from %s",
sin_ntoa(from));
return;
}
--
Joe. C.S.Chen, cschen at nctu.edu.tw
* Computer Center of National Chiao Tung University, Hsinchu, Taiwan.
More information about the bind-users
mailing list