On Tue, Aug 25, 2020 at 08:27:24AM -0400, K. Scott Helms wrote:
Comcast is blocking it. From the table on that page.
"Port 0 is a reserved port, which means it should not be used by applications. Network abuse has prompted the need to block this port."
The 'Transport' column seems to indicate that TCP port 0 is blocked, but not that UDP port 0 is blocked. I believe there are Comcast people on this mailing list; it would be interesting to hear what the considerations were to block one but not the other.
"What about UDP IP fragmentation?"
I'm not sure I follow this. The IP packet will be fragmented with UDP inside it. When the IP packet gets put together the UDP PDU will have a port number. It's possible that some packet analyzers or network gear will improperly "see" a partial UDP flow as port 0 but that's a mischaracterization of the flow.
You are absolutely right. There is no layer-4 header in a fragment. 'port 0' in netflow/ipfix traffic analyzer tools when displayed may be the result of a lack of ability to label it differently in the data structures used. "mischaracterization" is a fitting word :-)

Kind regards,

Job
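Added example, not part of the original thread: a small Python sketch of the point discussed above, showing that only the first IPv4 fragment carries the UDP header and that a flow record with fixed integer port fields ends up reporting later fragments as port 0. All function names, addresses, ports and packet bytes are constructed for illustration.

```python
import struct

def ipv4(src, dst, proto, payload, ident=1, mf=False, frag_off=0):
    """Build a minimal IPv4 header (checksum left 0) plus payload; frag_off in bytes."""
    flags_off = (0x2000 if mf else 0) | (frag_off // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, 64, proto, 0, src, dst)
    return hdr + payload

def fragment(src, dst, proto, l4_pdu, chunk):
    """Split an L4 PDU into IPv4 fragments; chunk must be a multiple of 8."""
    return [ipv4(src, dst, proto, l4_pdu[off:off + chunk],
                 mf=off + chunk < len(l4_pdu), frag_off=off)
            for off in range(0, len(l4_pdu), chunk)]

def flow_key(pkt):
    """Return (proto, sport, dport, label); ports are None when no L4 header is present."""
    ihl = (pkt[0] & 0x0F) * 4
    (flags_off,) = struct.unpack_from("!H", pkt, 6)
    proto = pkt[9]
    offset = (flags_off & 0x1FFF) * 8
    more = bool(flags_off & 0x2000)
    if offset > 0:
        # Payload here is the middle of the datagram, not a UDP/TCP header.
        return (proto, None, None, "non-first-fragment")
    if proto in (6, 17) and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack_from("!HH", pkt, ihl)
        return (proto, sport, dport, "first-fragment" if more else "unfragmented")
    return (proto, None, None, "no-l4-ports")

def naive_flow_key(pkt):
    """A record format with plain integer port fields has only 0 for 'unknown'."""
    proto, sport, dport, _ = flow_key(pkt)
    return (proto, sport or 0, dport or 0)

def sample_fragments():
    """Constructed sample: one UDP datagram (40000 -> 5000) split into two fragments."""
    data = bytes(range(32))
    udp = struct.pack("!HHHH", 40000, 5000, 8 + len(data), 0) + data
    return fragment(bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]), 17, udp, 24)

if __name__ == "__main__":
    for f in sample_fragments():
        print(flow_key(f), "naive:", naive_flow_key(f))
```

When reading flow data, a "port 0" entry for UDP is worth checking against the fragment offset or fragment flags, if the exporter includes them, before treating it as real port-0 traffic.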