
Thread: Why o Why

  1. #11
    Senior Member
    Join Date
    May 2003
    Posts
    407
    No, it begins with port 0

    Port 0
    Port 0 is officially a reserved port in TCP/IP networking, meaning that it should not be used for any TCP or UDP network communications.

    However, port 0 sometimes takes on a special meaning in network programming, particularly Unix socket programming. In this environment, port 0 is a programming technique for specifying system-allocated (dynamic) ports.

    Instead of "hard-coding" a particular port number, or writing code that searches for an open port, Unix programmers simply specify port 0 as a connection parameter. That triggers the operating system to automatically search for and return the next available port in the dynamic port number range.

    This programming technique does not work the same way in Microsoft Windows as it does in Unix.
    SOURCE: http://compnetworking.about.com/libr.../blports_0.htm


    slick
    "Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, "I'm a grown man. I should know what goes on my head." And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life." -Roy Waller
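
The port 0 technique described in the post above, as an added example that is not part of the original thread: a listener binds to port 0, reads back the port the OS assigned, and a client connects to it. The loopback address and function names are assumptions made for the demonstration.

```python
import socket

def bind_port_zero(kind=socket.SOCK_STREAM, host="127.0.0.1"):
    """Bind to port 0 and return (socket, port the OS actually assigned)."""
    s = socket.socket(socket.AF_INET, kind)
    s.bind((host, 0))            # 0 means "pick a free dynamic port for me"
    return s, s.getsockname()[1]

def loopback_exchange():
    """Connect to a port-0-bound listener; return the ports seen on the wire."""
    srv, srv_port = bind_port_zero()
    srv.listen(1)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # The client never calls bind(), so its source port is also
        # chosen by the OS at connect() time.
        cli.connect(("127.0.0.1", srv_port))
        conn, peer = srv.accept()
        cli_port = cli.getsockname()[1]
        conn.close()
        return srv_port, cli_port, peer[1]
    finally:
        cli.close()
        srv.close()

if __name__ == "__main__":
    srv_port, cli_port, seen = loopback_exchange()
    print(f"listener got {srv_port}, client got {cli_port}, "
          f"server saw peer port {seen}")
```

Neither endpoint ever carries port 0 in a packet: the value is only a request to the local OS, which is why port 0 showing up on the wire stands out.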

  2. #12
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    Without a port 0 there would actually be only 65535 ports, which is 2^16-1. As most things in computers and programming, things start at 0, because of the binary value [all 0s].
    /\\

  3. #13
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    16 bits of precision is a range of -32767 to 32768. Integers of greater precision (32 bits) are required to display the port number; however, it is still only 16 bits of precision in terms of the number of numbers in the range.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  4. #14
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    chsh, unsigned 16 bit integer?
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  5. #15
    Senior Member
    Join Date
    May 2003
    Posts
    159
    I haven't heard of port 0 yet... is it remotely linked to promiscuous mode? But I guess that has to do with IP addresses and not port nos...

    Regards

    Kalp
    ****** Any man who knows all the answers most likely misunderstood the questions *****

  6. #16
    Senior Member
    Join Date
    Nov 2003
    Posts
    285
    I found a few very interesting facts about port 0 and OS fingerprinting

    Port 0 OS Fingerprinting
    Port 0 is reserved for special use, as stated in RFC 1700. Coupled with the fact that this port number is reassigned by the OS, no traffic should flow over the internet using this port. As the specifics are not clear, different OSes have different ways of handling traffic using port 0, and thus they can be fingerprinted.

    Port 0 fingerprinting consists of seven tests. The tests are labeled P1 - P7 below.

    P1: send tcp packet from source port 0 to port 0
    P2: send tcp packet from source port X to port 0
    P3: send tcp packet from source port 0 to open port
    P4: send tcp packet from source port 0 to closed port
    P5: send udp packet from source port 0 to port 0
    P6: send udp packet from source port 53 to port 0
    P7: send udp packet from source port 0 to closed port

    Port X in test P2 is any port not equal to 0. Port 53 is used in test P6 as it is most likely to bypass a firewall configuration.

    The standard reply expected to P1, P2 and P4 should be a RST packet as the port should be closed.

    The standard reply to P3 should be SYN ACK as the port is open and port 0 is a valid port as described above.

    The standard reply to P5, P6 and P7 should all be ICMP port unreachable as UDP port 0 / closed port should not have a program listening on it.

    Although port 0 is a valid port number, various OSes handle port 0 differently.

    Results
    Below are a few example fingerprints. The entire list can be found at the end of the paper.

    Fingerprint OpenBSD 3.2/3.3
    P1(Resp=Y%Flags=AR)
    P2(Resp=Y%Flags=AR)
    P3(Resp=N)
    P4(Resp=Y%Flags=AR)
    P5(Resp=N)
    P6(Resp=N)
    P7(Resp=Y)

    Notice that OpenBSD has a cool feature / bug whereby it does not allow incoming connections from source port 0 (test P3)

    Fingerprint Linux
    P1(Resp=Y%Flags=AR)
    P2(Resp=Y%Flags=AR)
    P3(Resp=Y%Flags=AS)
    P4(Resp=Y%Flags=AR)
    P5(Resp=Y)
    P6(Resp=Y)
    P7(Resp=Y)

    Unfortunately, both MS Windows 2000 and Linux have the same port 0 fingerprint, replying to all 7 tests.

    Recommendations
    Although port 0 is a valid TCP / UDP port number, it is highly recommended that one should block any traffic using this port at your firewall. No program should be listening on port 0 and no program should connect from port 0; thus, it should be blocked.
    Port 0 fingerprinting can be tested using the gobbler-2.0.1-alpha available from http://www.networkpenetration.com or http://gobbler.sourceforge.net
    List of Port 0 Fingerprints
    ::::::::::::::::::::::::::::::

    Fingerprint Mac OSX
    P1(Resp=Y%Flags=AR)
    P2(Resp=Y%Flags=AR)
    P3(Resp=Y%Flags=AS)
    P4(Resp=Y%Flags=AR)
    P5(Resp=N)
    P6(Resp=N)
    P7(Resp=Y)

    Fingerprint Gobbler 2.0 Alpha
    P1(Resp=Y%Flags=AR)
    P2(Resp=Y%Flags=AR)
    P3(Resp=Y%Flags=AS)
    P4(Resp=Y%Flags=AR)
    P5(Resp=N)
    P6(Resp=N)
    P7(Resp=Y)

    Fingerprint Linux
    P1(Resp=Y%Flags=AR)
    P2(Resp=Y%Flags=AR)
    P3(Resp=Y%Flags=AS)
    P4(Resp=Y%Flags=AR)
    P5(Resp=Y)
    P6(Resp=Y)
    P7(Resp=Y)

    Fingerprint MS Windows 2000
    P1(Resp=Y%Flags=AR)
    P2(Resp=Y%Flags=AR)
    P3(Resp=Y%Flags=AS)
    P4(Resp=Y%Flags=AR)
    P5(Resp=Y)
    P6(Resp=Y)
    P7(Resp=Y)

    Fingerprint VMS on Alpha
    P1(Resp=Y%Flags=AR)
    P2(Resp=Y%Flags=AR)
    P3(Resp=Y%Flags=AS)
    P4(Resp=Y%Flags=AR)
    P5(Resp=Y)
    P6(Resp=Y)
    P7(Resp=Y)

    Fingerprint OpenBSD 3.2 or 3.3
    P1(Resp=Y%Flags=AR)
    P2(Resp=Y%Flags=AR)
    P3(Resp=N)
    P4(Resp=Y%Flags=AR)
    P5(Resp=N)
    P6(Resp=N)
    P7(Resp=Y)

    Fingerprint SunOS 5.6 (can someone confirm please)
    P1(Resp=N)
    P2(Resp=N)
    P3(Resp=Y%Flags=AS)
    P4(Resp=Y%Flags=AR)
    P5(Resp=N)
    P6(Resp=N)
    P7(Resp=Y)

    Fingerprint MS NT Server 4 (Service pack ?) with checkpoint ?
    P1(Resp=N)
    P2(Resp=N)
    P3(Resp=Y%Flags=AS)
    P4(Resp=Y%Flags=AR)
    P5(Resp=N)
    P6(Resp=N)
    P7(Resp=Y)
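
The recommendation above is to block port 0 at the firewall; where a sensor sees the traffic first, the same condition can be flagged. An added example (not from the quoted paper or the Gobbler tool) that reads raw IPv4 packets and labels any TCP or UDP packet with a zero source or destination port by the P1-P7 test it resembles. The sample packets are constructed, use documentation addresses, and all function names are hypothetical.

```python
import struct

TCP, UDP = 6, 17

def parse_ports(packet: bytes):
    """Return (proto, src_port, dst_port) from a raw IPv4 packet, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Ports are only present in the first fragment of a datagram.
    if proto not in (TCP, UDP) or ihl < 20 or frag_offset:
        return None
    if len(packet) < ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return proto, sport, dport

def classify_port0(packet: bytes):
    """Name the P1-P7 test a packet resembles, or None if no port is 0."""
    parsed = parse_ports(packet)
    if parsed is None:
        return None
    proto, sport, dport = parsed
    if sport != 0 and dport != 0:
        return None
    if proto == TCP:
        if dport == 0:
            return "P1" if sport == 0 else "P2"
        return "P3/P4"   # source port 0; open vs closed is not visible here
    if dport == 0:
        return "P5" if sport == 0 else "P6"  # the paper's P6 uses source 53
    return "P7"          # UDP source port 0 to a non-zero port

def make_packet(proto, sport, dport):
    """Constructed sample: minimal IPv4 header (checksum 0) plus ports."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + struct.pack("!HH", sport, dport) + b"\x00" * 4

if __name__ == "__main__":
    for proto, sp, dp in [(TCP, 0, 0), (TCP, 0, 80), (UDP, 53, 0),
                          (UDP, 0, 33434), (TCP, 40000, 443)]:
        print(proto, sp, dp, classify_port0(make_packet(proto, sp, dp)))
```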
