remote port 0 packets

[GnarlySnarly]

I am not sure this is related to WCS.. but

Yesterday I started getting lots of hits from multiple IPs using port 0, trying to send packets to port 1025, which my [kerio] firewall message said was used by WCS.exe

I checked my connection status and didn't see any evidence of WCS using port 1025.

the reason being because the structure of TCP/UDP packets uses 2 bytes for a port number, 2 bytes being limited to 65536 possible values (0-65535 - port 0 being invalid)

If port 0 is not valid, should the routing servers be allowing it?

I set a fw rule to block all packets from port 0, any IP to port 1025, reportedly assigned to WCS.exe.  I did this from the alert popup which asked what to do about it.  The rule was accepted.  However, I could not edit it.  If i tried to make any changes in the rule, such as to blocking remote port 0 traffic to a range of local ports, not just 1025 - it was not allowed.  The firewall does not allow editing or adding a rule that show remote port 0 - "Invalid port".  Invalid or not, I am getting incoming packets from that port.

[KM]

the 1025 could simply be the UDP port that WCS is using at that moment in time, however port 0... many firewalls will incorrectly report ICMP error packets sent in response to a UDP packet as being a UDP reply from port 0 (no idea why) so it could simply be where outbound UDP packets are being sent to users who don't have UDP set up correctly for inbound packets