Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
336
Views
0
Helpful
2
Replies

dropped packets with source port 0

lubo.nistor
Level 1
Level 1

‎08-04-2005 05:01 AM - edited ‎03-09-2019 12:02 PM

I've just experienced a X11 communication where xdm direct advertisment went through, but the resulting x11 communication was dropped by pix 515 6.3(4). I noticed that the dropped packet had a source port 0 otherwise it looked fine..

As a note: direct X11 packets with EXPORT DISPLAY work fine.

Q: is there a way to change this PIX-OS behavior dropping strange looking packets?

Labels:
0 Helpful
2 Replies 2

ssoberlik
Level 4
Level 4

‎08-09-2005 09:36 AM

The issue is that the PIX follows the convention that port 0 is to mean all port. Therefore, if the PIX accept a packet with source port 0, then all ports of the sending host are considered to be open.

Which I guess is a security Loophole.

0 Helpful

lubo.nistor
Level 1
Level 1
In response to ssoberlik

‎08-09-2005 10:59 PM

nope:

-the message comes from log.

-it is a source port

-there's no rule like that in the access list.

the only reasonable explanation is that there's a general protocol analysis and it doesn't like source port 0.

but the question is can it be changed?

0 Helpful
Customers Also Viewed These Support Documents