Re: Port 65535

To: debian-firewall@lists.debian.org
Subject: Re: Port 65535
From: erich@mucl.de
Date: Thu, 1 Feb 2001 02:29:32 +0100
Message-id: <[🔎] 20010201022932.B9370@linux1.mucl.de>
In-reply-to: <[🔎] 20010131164631.A17572@feivel.credativ.de>; from meskes@debian.org on Wed, Jan 31, 2001 at 04:46:31PM +0100
References: <[🔎] 20010131164631.A17572@feivel.credativ.de>

> I just got a lot of log entries on my firewall telling me about rejected
> packages on port 65535. The protocol is 50 (aka esp). Does anyone know what
> this is? The machine in question is a potato box. There is no VPN installed.

Port 65535 are fragments.
Turn on ip defragmentation via /proc !!

(if a fragment is recieved, only the first can be filtered; the later ones
do not contain port information, so they will get port -1)

Greetings,
Erich

Reply to:

References:
- Port 65535
  - From: Michael Meskes <meskes@debian.org>

Prev by Date: Re: Port 65535
Previous by thread: Re: Port 65535
Index(es):
- Date
- Thread