Hi,

Notice the "PROTO=UDP" part of the message. It means that this is a UDP packet, not a TCP packet. UDP is not a socket-based protocol, so the port number is meaningless for UDP packets. The log message includes port 0 because it was easier to do that than to have a different format string for TCP vs UDP packets.

--- Wade

On Sat, 12 Oct 2002 00:39:37 +0200, "Christian Schuerer-Waldheim" writes:
>Hello!
>
>In my firewall-log I can find several entries like this:
>
>----8<-----------
>Oct 11 19:25:48 asterix kernel: Dropwall: IN=eth0 OUT=
>MAC=ff:ff:ff:ff:ff:ff:**:**:**:**:**:**:**:** SRC=***.***.***.***
>DST=***.***.***.*** LEN=1456 TOS=0x00 PREC=0x00 TTL=110 ID=21266 PROTO=UDP
>SPT=17060 DPT=0 LEN=1436
>----8<-----------
>[Real IPs and MAC removed]
>
>I did some research and found out that there is no port 0 (and I was sure
>that I have no service running on port 0 (it's not even possible)).
>
>So, what could this be? What could it be good for, trying to connect to a
>non-existent port? Is it a kind of scan? Somewhere on the internet I've read
>that in this way you can find out which OS is running.
>
>Thanks for your help!
>
>Christian
>
>
>--
>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
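
Parsing entries in the format quoted above and counting the sources that log with port 0, as an added example that is not part of the original thread. The sample lines are constructed (documentation addresses, a made-up MAC), and the `L4LEN` key and function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the entry quoted above; the
# addresses are documentation ranges, not values from the thread.
_PRE = ("Oct 11 19:25:48 asterix kernel: Dropwall: IN=eth0 OUT= "
        "MAC=ff:ff:ff:ff:ff:ff:00:00:5e:00:53:01:08:00 ")
SAMPLE_LOG = "\n".join([
    _PRE + "SRC=192.0.2.10 DST=198.51.100.255 LEN=1456 TOS=0x00 PREC=0x00 "
           "TTL=110 ID=21266 PROTO=UDP SPT=17060 DPT=0 LEN=1436",
    _PRE + "SRC=192.0.2.20 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 "
           "TTL=52 ID=4011 DF PROTO=TCP SPT=40312 DPT=80 WINDOW=5840 "
           "RES=0x00 SYN URGP=0",
    _PRE + "SRC=192.0.2.10 DST=198.51.100.255 LEN=1456 TOS=0x00 PREC=0x00 "
           "TTL=110 ID=21267 PROTO=UDP SPT=17060 DPT=0 LEN=1436",
    _PRE + "SRC=192.0.2.30 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 "
           "TTL=60 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1",
])

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # value may be empty, as in "OUT="

def parse_entry(line):
    """Return the KEY=value fields of one kernel firewall log line, or None."""
    _, sep, rest = line.partition("kernel: ")
    if not sep or "PROTO=" not in rest:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(rest):
        # LEN is logged twice on UDP lines: the IP total length first, then
        # the UDP length. Keep the second under a separate (hypothetical) key.
        if key == "LEN" and "LEN" in fields:
            key = "L4LEN"
        fields[key] = value
    return fields

def port_zero_sources(log_text):
    """Count logged entries per (SRC, PROTO) where SPT or DPT is 0."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_entry(line)
        if f is None or "SPT" not in f or "DPT" not in f:
            continue  # unparsable line, or a protocol logged without ports
        if int(f["SPT"]) == 0 or int(f["DPT"]) == 0:
            hits[(f["SRC"], f["PROTO"])] += 1
    return hits

if __name__ == "__main__":
    for (src, proto), n in port_zero_sources(SAMPLE_LOG).most_common():
        print(f"{src} {proto} port-0 entries: {n}")
```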