Security Incidents mailing list archives
RE: what's listening on udp 161?
From: "Adcock, Matt" <Matt.Adcock () gsccca org>
Date: Wed, 13 Feb 2002 18:42:52 -0500
I think that might be the solution and a very polite way to say RTFM. :-) As it turns out after further looking, there is some internal NATting going on of which I was not aware. These machines will show false positives when you run winmap against the NATted address, but winmap reads properly when run against the real address. Thanks for the help. Matt <snip>
From the nmap man page:
UDP scans: This method is used to determine which UDP (User Datagram Protocol, RFC 768) ports are open on a host. The technique is to send 0 byte udp packets to each port on the target machine. If we receive an ICMP port unreachable message, then the port is closed. Otherwise we assume it is open. Therefore, if your hosts are not allowing ICMP in and/or out, you will get a false positive. Try scanning the machine(s) for all UDP ports ( -p1- is the argument for that on the Unix nmap) and I'll bet you get a report showing them all open. -Conor </snip> ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- what's listening on udp 161? Quarantine (Feb 13)
- Re: what's listening on udp 161? Conor McGrath (Feb 13)
- <Possible follow-ups>
- RE: what's listening on udp 161? Smith, Steve (Feb 13)
- RE: what's listening on udp 161? Adcock, Matt (Feb 13)