From: Cheltenham, UK
Neither, I'm afraid. I actually *meant* port 0. Although programming interfaces like SOCKETs cannot connect to this port and use the zero value to indicate "any" you can use various RAW socket librarys to probe machines on this port (apprently). Check out the "Shields Up" firewall tester at http://grc.com.
I thought my configuration of ISA server was OK but a "port 0" probe has been added to the tests at "Shields Up" recently and my server is now detectable on port zero and annoyingly I have not been able to reconfigure my ISA Server machine without blocking all traffic.
From: Virginia Beach
Port zero is used by microsoft as there big brother port. After doing some research I have not found any way to block this port. When a new OS is installed you will see heavy Port 0 activity for a short period of time. Then all traffic on port 0 should stop. I have discussed this with many of my colleages in the IT security industry. They all tell me the same thing. To there knowledge there is no way to block it. I am not convinced that they are correct, but since I work for a gov agency I will have to accept there response at this time. If anyone else has any further info please let the rest of us know. I would really like to make the most secure firewall possible, while still having functionality.