I notice in our organisation an access list which is allowing TCP and UDP ports greater than 1.
What are ports (TCP and UDP) 0 and 1 used for? As I was reading on the internet I noticed that TCP port 1 is used for service multiplexing.
So when 2 hosts are trying to connect to each other via port 80 (www), it will first set up a TCP connection via SYN and ACK; after this the www service of host 1 is searching for the www service of host 2 via port 1. When www is found, there is a positive sign sent to host 1 over TCP port 1. Is this correct?
When is port 0 used?
Again on the internet I found that these ports are a kind of wildcard. When host 1 wants to send something over port 0 it is redirected to the next available port above 1023. And are those ports (above 1023) used for viruses and trojans?
Port 0 is reserved, meaning that it will never be assigned by IANA, the way that 80 was assigned to HTTP, etc. Various operating systems have handled it differently (i.e., some had bugs that would seem to indicate that their programmers did not realize that 0 was possible, but it should behave as any other unused port). Here you can see that Nessus has a vulnerability scanner for Firewall 1, which apparently had a UDP port 0 DoS.
I believe you are basically accurate about tcp-mux. My impression of it is that it was an old Unix service that might have helped for diagnostic purposes, but had security vulnerability problems that caused it to disappear over time. It sounds like it might have suffered from traffic amplification effects.
That all said, I don't know why ports 0 and 1 would be allowed. I would tend to think they were opened by mistake.
I believe that there is a clue in careful reading of the original post which says:
which is allowing tcp and udp ports greater than 1.
so the case is not that port 1 is allowed but that a RANGE greater than 1 is allowed. Without knowing more about the context of the access list we cannot know what is being done. But I will observe that at a customer that I support we use a similar construct in an access list used with an RPF check, so that the log parameter used in the access list statement will report the TCP or UDP port. In logging by an access list, if the access list has not checked for port values then the log message cannot report the port value.
Perhaps the original poster can clarify the syntax of the access list that he is talking about.
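To make the second answer's point concrete, here is an added example (not code from the thread) that evaluates Cisco-style ACL port operators against every port; the ACL lines in it are constructed, and only the eq/neq/gt/lt/range operators on the destination port are handled.

```python
# Added example (not from the thread): a tiny evaluator for Cisco-style ACL
# port operators, showing that "gt 1" covers 2..65535 but not ports 0 and 1.
import re

# Constructed sample ACL, not the poster's actual access list.
ACL = """
permit tcp any any gt 1 log
permit udp any any gt 1 log
deny   tcp any any range 0 1
"""

LINE_RE = re.compile(
    r"^(permit|deny)\s+(tcp|udp)\s+\S+\s+\S+\s+"
    r"(eq|neq|gt|lt|range)\s+(\d+)(?:\s+(\d+))?"
)

# Each Cisco port operator as a predicate on the destination port.
OPS = {
    "eq": lambda p, lo, hi: p == lo,
    "neq": lambda p, lo, hi: p != lo,
    "gt": lambda p, lo, hi: p > lo,
    "lt": lambda p, lo, hi: p < lo,
    "range": lambda p, lo, hi: lo <= p <= hi,
}

def parse_acl(text):
    """Return (action, proto, op, lo, hi) for each parseable ACL entry."""
    entries = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            action, proto, op, a, b = m.groups()
            lo = int(a)
            hi = int(b) if b is not None else lo
            entries.append((action, proto, op, lo, hi))
    return entries

def first_match(entries, proto, port):
    """Cisco ACLs are first-match with an implicit deny at the end."""
    for action, p, op, lo, hi in entries:
        if p == proto and OPS[op](port, lo, hi):
            return action
    return "deny"

def permitted_ports(entries, proto):
    """All ports 0..65535 the ACL permits for the given protocol."""
    return [pt for pt in range(65536) if first_match(entries, proto, pt) == "permit"]
```

Running `permitted_ports(parse_acl(ACL), "tcp")` returns 2 through 65535: the `gt 1` entry never matches port 0 or 1, whether or not a later explicit deny exists.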