Port 0是??網路監控系統發現最近被外部攻擊了幾次,攻擊目的Port都是0 Port

資訊安全網管

hope35520 2009-03-10 11:56:55 ‧ 23357 瀏覽

分享至

Port 0是??網路監控系統發現最近被外部攻擊了幾次,攻擊的目地Port都是0 Port
第一.二次的攻擊名稱是Worm-Welchia_icmp 0bytes 來自同一個ip
第三.四次的攻擊名稱是Anomaly-UDP-dest-port-0 7bytes 來自同一個ip
請問port 0是?
被攻擊了該如何處理?

tom1686 iT邦新手 2 級 ‧ 2009-03-23 23:21:50 檢舉

http://www.iana.org/assignments/port-numbers 可找到一些參考資訊
PORT NUMBERS

(last updated 2009-03-19)

The port numbers are divided into three ranges: the Well Known Ports,
the Registered Ports, and the Dynamic and/or Private Ports.

The Well Known Ports are those from 0 through 1023.

DCCP Well Known ports SHOULD NOT be used without IANA registration.
The registration procedure is defined in [RFC4340], Section 19.9.
|
|
Keyword... Decimal Description
---------- ------- -----------
.......... 0/tcp.. Reserved
.......... 0/udp.. Reserved
spr-itunes 0/tcp.. Shirt Pocket netTunes
spl-itunes 0/tcp.. Shirt Pocket launchTunes

登入發表討論

直播研討會

{{ item.channelVendor }} {{ item.webinarstarted }} |

直播中

1 個回答

gkkangel

iT邦好手 1 級 ‧ 2009-03-10 15:40:33

最佳解答

大大是用Fortigate嗎..?
1: port 0 is mean:
Port 0
Port 0 is officially a reserved port in TCP/IP networking, meaning that it should not be used for any TCP or UDP network communications.

However, port 0 sometimes takes on a special meaning in network programming, particularly Unix socket programming. In this environment, port 0 is a programming technique for specifying system-allocated (dynamic) ports.

Instead of "hard-coding" a particular port number, or writing code that searches for an open port, Unix programmers simply specify port 0 as a connection parameter. That triggers the operating system to automatically search for and return the next available port in the dynamic port number range.

This programming technique does not work the same way in Microsoft Windows as it does in Unix.

[url-http://www.fortiguardcenter.com/vulnency/ID101974073]fortigate 內容,請點我[/url]

可能是某臺主機有中木馬.這個在請大大check一下吧!
解決的方式可以將該連線Dropped掉.
或是直接ban掉該ip