netsec-sig - Re: [Security-WG] Security group highlights - December 2018
Subject: Internet2 Network Security SIG
- From: John Kristoff <>
- To: gcbrowni <>
- Cc: "" <>
- Subject: Re: [Security-WG] Security group highlights - December 2018
- Date: Tue, 8 Jan 2019 09:10:25 -0600
On Tue, 8 Jan 2019 14:09:34 +0000 gcbrowni <> wrote:
> Not to pile on too much, but we’re even seeing UDP port 0 attacks in
> the analysis we’re doing in Deepfield Defender. Much like 1918, etc,
> UDP port 0 is something that we should never see since it’s invalid.
It might usually be, but strictly speaking this is not necessarily so,
at least not when it is a source port value.
From IETF RFC 768:
  Source Port is an optional field, when meaningful, it indicates the
  port of the sending process, and may be assumed to be the port to
  which a reply should be addressed in the absence of any other
  information. If not used, a value of zero is inserted.
In my experience, I seem to only recall seeing source port zero used in
some IP multicast app a long time ago. I think most apps just set a
non-zero value even if they don't expect a response.
Here is a template I have been using at our borders if it helps any:
<https://github.com/jtkristoff/junos/blob/master/firewall.conf>
There is very little I can throw away outright, but you'll see the
bogon prefixes I use. There are some bogus bit combinations that should
be safe to drop for many environments (e.g. deprecated ICMP types and
internetwork IGMP), but there may be corner cases for some networks
where these might be desirable.
John
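As an added illustration of the distinction drawn in the message above (not code from the post or from the linked firewall template): a Python triage of raw IPv4/UDP headers that flags destination port 0 and RFC 1918 sources while passing source port 0, which RFC 768 permits. The labels, the `classify` and `build` helpers and the sample packets are assumptions constructed for this example.

```python
import ipaddress
import struct

# RFC 1918 private ranges, which the thread treats as never valid at a border.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(packet: bytes) -> str:
    """Triage one raw IPv4 packet; the labels are an assumed local policy."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "skip: not IPv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "drop: malformed IPv4 header"
    if any(ipaddress.IPv4Address(packet[12:16]) in net for net in RFC1918):
        return "drop: RFC 1918 source"
    if packet[9] != 17:
        return "pass: not UDP"
    # Non-initial fragments carry no UDP header, so no ports can be read.
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return "pass: non-initial fragment"
    if len(packet) < ihl + 8:
        return "drop: truncated UDP header"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if dport == 0:
        return "flag: UDP destination port 0"
    if sport == 0:
        # RFC 768: the source port is optional and zero means "not used".
        return "pass: UDP source port 0 (unused per RFC 768)"
    return "pass"

def build(src: str, dst: str, sport: int, dport: int, frag: int = 0) -> bytes:
    """Build a constructed 28-byte IPv4/UDP packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, frag, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

# Constructed samples using documentation and private address space.
SAMPLES = {
    "normal": build("192.0.2.10", "198.51.100.5", 40000, 53),
    "src0": build("192.0.2.10", "198.51.100.5", 0, 5004),
    "dst0": build("192.0.2.10", "198.51.100.5", 40000, 0),
    "private": build("10.1.2.3", "198.51.100.5", 0, 0),
    "fragment": build("192.0.2.10", "198.51.100.5", 0, 0, frag=185),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:9s} {classify(pkt)}")
```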