On Fri, 8 Apr 2005, Sean Donelan wrote:
On Fri, 8 Apr 2005, Simon Waters wrote:
Whilst we are on dross that turns up at DNS servers, how about traffic for port 0, surely this could be killed at the routing level as well, anyone got any figures for how much port 0 traffic is around? My understanding is it is mostly either scanning, or broken firewalls, neither of which are terribly desirable things to have on your network, or to ship out to other peoples networks.
Or packet MTU fragmentation. Many security products mis-interpret the packet header on a fragment and display port "0" instead of port "N/A".
And just like people who drop all ICMP packets, if you drop all fragments, stuff breaks in weird ways. But its your network, you can break it any way you want.
<stepping off horsey> Sean makes a good point, 'randomly' dropping traffic that 'seems bad to you' is rarely a good plan :( Hopefully people check to see if the traffic has a use and has some operational validity before just deciding to drop it? Even icmp has it's place in the world... </stepping off horsey>