What's "dropping source port zero packet", attack ?
Jerry Kemp - bind
bind at sun.twlight.net
Thu Dec 9 13:58:49 UTC 1999
If you have end users who need to use legacy microsoft
applications, I believe that there was an article which appeared
in several trade rags stating that microsoft used port 0
to transfer end user vital statistics from their local system
back to microsoft. This was activated when a user would
do somenting like save a word document or a powerpoint
application into html format.
Jerry Kemp
micro$oft free since '93 . . . .
> On Thu, Dec 09, 1999 at 09:44:00AM +0800, C.S.Chen wrote:
> > What's the meaning of the following messages ?
>
> >From earlier post to this list
>
> On Tue, Oct 05, 1999 at 05:34:32PM +1000, Mark_Andrews at isc.org wrote:
> > No sane IP stack sends out packets with a source port of
> > zero. There is scanning software that does this however.
> > The message just indicates that we have seen such a packet.
>
> Btw. I regularly see the same messages from the same host in my
> logfiles. In a previous discussion in this list I was told that there
> is a software (forgot the name) that tries to measure network
> topology/speed/connectivity and sends out the ip address of the
> "best" host based on this measurements.
>
> \Maex
More information about the bind-users
mailing list