<off list>

On Tuesday 15 August 2006 21:45, Dude VanWinkle wrote:
> Still, I can't seem to help but think there is something to this port 0
> thingy
>
> http://www.networkpenetration.com/port0.html
>
> <snip>
>
> 3. Port 0 OS Fingerprinting
> ---------------------------
> As port 0 is reserved for special use as stated in RFC 1700. Coupled
> with the fact that this port number is reassigned by the OS, no
> traffic should flow over the internet using this port. As the
> specifics are not clear different OS's have different ways of handling
> traffic using port 0 thus they can be fingerprinted.
>

Although the port 0 in this case is a red herring and irrelevant. Port 0 itself, when used with TCP/UDP (not ICMP!), can actually be used on the Internet. A while back I modified netcat and my Linux kernel so that it would allow usage of port 0 and was able to connect to a remote machine via TCP with that port and communicate fine. A few routers, especially those with firewalling abilities, such as those commonly used in SOHOs, reject the packets silently.

In short, port 0 is "reserved"; most OSs use it to mean "random" (but this is not defined behaviour in an RFC, more of a tradition). If you do send out port 0 packets though, many routers will allow them.

--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue - http://reboot-robot.net

"He who hingeth aboot, geteth hee-haw" Victor - Still Game
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
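The port 0 points in the message above, as an added example that is not part of the original post: a Python check that flags IPv4 TCP/UDP packets whose source or destination port is 0 (ICMP is skipped because it has no port fields), plus a bind to port 0 showing the OS assigning a port instead. The function names are hypothetical and the sample packets are constructed with documentation addresses.

```python
import socket
import struct

TCP, UDP = 6, 17  # IANA protocol numbers

def port0_finding(packet: bytes):
    """Return (proto, src_port, dst_port) if an IPv4 TCP/UDP packet uses port 0, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None  # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if ihl < 20 or proto not in (TCP, UDP):
        return None  # ICMP and other protocols carry no port fields
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset != 0 or len(packet) < ihl + 4:
        return None  # later fragments have no L4 header; truncated packets are skipped
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if sport == 0 or dport == 0:
        return ("tcp" if proto == TCP else "udp", sport, dport)
    return None

def build_ipv4(proto, sport, dport, frag_offset=0):
    """Constructed sample: 20-byte IPv4 header plus the first 8 L4 bytes (checksums left zero)."""
    l4 = struct.pack("!HHI", sport, dport, 0)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, frag_offset, 64, proto, 0,
                      socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.2"))
    return hdr + l4

def bind_port_zero():
    """Bind to port 0 on loopback and return the port number the OS actually assigned."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    for pkt in (build_ipv4(TCP, 40000, 0), build_ipv4(UDP, 0, 53), build_ipv4(TCP, 40000, 80)):
        print(port0_finding(pkt))
    print("bind(0) assigned port", bind_port_zero())
```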