Re: Requests to port 0

[Bradley M Alexander <storm@tux.org>]

On Thu, Aug 17, 2000 at 02:11:55PM -0700, John McCullough wrote:
> I was curious why we are logging many requests to port 0.  They are
> directed at the web server, however are blocked at the fire wall.  Any
> ideas?

Are you sure you are getting requests to port 0? If you are running
IPchains, you probably are not. Generally these are ICMP packets which are
being processed by your firewall. What you will generally see is 

xxx.xxx.xxx.xxx:0 yyy.yyy.yyy.yyy:8

ICMP packet type 8 is an echo request, while type 0 is an echo reply. The
log entry should also say PROTO=1, which is an ICMP packet. The protocol
numbers are listed in /etc/protocols.

-- 
--Brad
============================================================================
Bradley M. Alexander, CISSP              |   Co-Chairman,
Beowulf System Admin/Security Specialist |    NoVALUG/DCLUG Security SIG
Winstar Telecom                          |   balexander@winstar.com
(703) 889-1049                           |   storm@tux.org
============================================================================
The enemy invariably attacks on two occasions:
     a. when you're ready for them.
     b. when you're not ready for them.
						--Murphy's Laws of Combat