GEN:SID 1:525
Message BAD-TRAFFIC udp port 0 traffic
Summary This event is generated when UDP traffic to port 0 is detected. This
should not be seen in normal UDP communications.
Impact Denial of Service against Checkpoint Firewall 1 devices. Possible
reconnaisance. This may be an attempt to verify the existance
of a host or hosts at a particular address or address range.
Detailed Information UDP traffic to port 0 is not valid under normal circumstances.

Certain versions of Checkpoints Firewall 1 are subject to a Denial of
Service attack when UDP packets to port 0 are sent via VPN-1.

an indicator of unauthorized network use, reconnaisance activity or
system compromise. These rules may also generate an event due to
improperly configured network devices.
Affected Systems Any
Attack Scenarios The attacker could send packets to a host with a destination port of 0.
The attacker might also be using hping to verify the existance of a host
as a prelude to an attack.
Ease of Attack Simple
Corrective Action Disallow UDP traffic to port 0.
Additional References CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0675
Rule References bugtraq: 576
cve: 1999-0675
nessus: 10074