Penetration Testing mailing list archives
RE: too many open udp ports
From: Yonatan Bokovza <Yonatan () xpert com>
Date: Wed, 30 May 2001 11:08:14 +0300
I can't say I understood your exact network configuration, but I remember seeing what you see. The state of a UDP port is determined as such: send a packet to the port. If you get back ICMP_UDP_PORT_UNREACHABLE for that packet, you can safely assume that port is closed. If not, consider that port open. Sharp reasoning will lead you to conclude that if a machine is firewalled or offline (i.e.- not answering or not recieving your packets) it will look as if all the UDP ports tested are open. I'd refer you to nmap's man page, where you can learn more about other types of scans: http://www.freebsd.org/cgi/man.cgi?query=nmap&manpath=FreeBSD+Ports Regards, Yonatan Bokovza. IT Security Consultant. Xpert Systems.
-----Original Message----- From: Ogle Ron (Rennes) [mailto:OgleR () thmulti com] Sent: Tuesday, May 29, 2001 10:58 To: 'vinay dwarakanath'; pen-test () securityfocus com Subject: RE: too many open udp ports If you are using the Winsock proxy client, then you may have additional protocols open other than http and ftp. I would also make sure that the MS Proxy is NOT part of any domain, and block all TCP/UDP ports for NetBIOS. Ron Ogle Thomson multimedia-----Original Message----- From: vinay dwarakanath [mailto:vindwar () yahoo com] Sent: Friday, May 25, 2001 9:48 AM To: pen-test () securityfocus com Subject: too many open udp ports Hi all, When i port scan from inside a network and if the proxy is on the DMZ the port scan reveals a lot of open UDP ports. is this normal or does this mean a security loop hole. the proxy is a MSproxy and the scan was conducted from fscan inside the dmz. Can anybody explain. Pl don't mistake if this is a basic question as i am very new to this feild. Regards Vinay __________________________________________________ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/
Current thread:
- too many open udp ports vinay dwarakanath (May 25)
- <Possible follow-ups>
- RE: too many open udp ports Ogle Ron (Rennes) (May 29)
- RE: too many open udp ports Yonatan Bokovza (May 30)