
DOS attack on Source port 0

avillalva
Level 1

Hi all,

We recently had a DOS attack that utilised source port 0. The access list:

access-list 100 permit tcp any any log

identified the ports used, but an access-list to block it:

access-list 100 deny tcp any eq 0 any

failed to match against any packets.

I've looked all over to learn about tcp port 0 but have only managed to find that it's 'reserved'.

Can anyone shed some light on blocking port 0? We are using the standard IOS 12.2 (i.e. no special feature sets) on a 3700 series.

Do we need an advanced feature set?

Thanks in Advance,

Andres

1 Reply

konigl
Level 7

The command

access-list 100 permit tcp any any log

will only log the IP addresses.

If you want to see the actual port numbers too, use the port "range" option and specify "0 65535" which covers all port numbers.

Try this line instead:

access-list 100 permit tcp any range 0 65535 any range 0 65535 log

Your log messages should now show exactly what TCP ports your ACL is blocking.

The same thing works for UDP, too. Just change "tcp" to "udp" to see which UDP ports are being blocked.
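
An added example, not part of the original thread or of either poster's configuration: once an ACL entry is logging port numbers, the syslog output can be tallied to see which sources really send packets with source port 0. The sketch parses IOS %SEC-6-IPACCESSLOGP messages; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the IOS %SEC-6-IPACCESSLOGP format.
# Addresses are documentation ranges, not values from the thread.
SAMPLE_LOG = """\
Mar  1 00:10:01: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.0.2.10(0) -> 198.51.100.5(80), 12 packets
Mar  1 00:10:02: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.0.2.11(40312) -> 198.51.100.5(443), 1 packet
Mar  1 00:10:05: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 192.0.2.10(0) -> 198.51.100.5(80), 30 packets
Mar  1 00:10:07: %SEC-6-IPACCESSLOGP: list 100 permitted udp 203.0.113.7(0) -> 198.51.100.9(53), 4 packets
Mar  1 00:10:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
"""

# list <acl> permitted|denied tcp|udp <src>(<sport>) -> <dst>(<dport>), <n> packet(s)
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_acl_log(text):
    """Return one dict per TCP/UDP ACL log line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            e = m.groupdict()
            for key in ("sport", "dport", "count"):
                e[key] = int(e[key])
            entries.append(e)
    return entries

def port_zero_sources(entries, proto="tcp"):
    """Sum logged packets per source address where the source port is 0."""
    totals = Counter()
    for e in entries:
        if e["proto"] == proto and e["sport"] == 0:
            totals[e["src"]] += e["count"]
    return totals

if __name__ == "__main__":
    entries = parse_acl_log(SAMPLE_LOG)
    for src, pkts in port_zero_sources(entries).most_common():
        print(f"{src}: {pkts} packets with TCP source port 0")
```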