Nmap Development mailing list archives
Re: UDP Scan of a responsive port
From: Martin Mačok <martin.macok () underground cz>
Date: Thu, 30 Nov 2006 10:44:08 +0100
On Wed, Nov 29, 2006 at 08:25:10PM +0100, waldeck () gmx de wrote:
Scanning of a responsive UDP port with nmap 4.11 results in following effect: IP 192.168.54.1.59311 > 192.168.54.148.7: UDP, length 0 IP 192.168.54.148.7 > 192.168.54.1.59311: UDP, length 0 IP 192.168.54.1 > 192.168.54.148: ICMP 192.168.54.1 udp port 59311 unreachable, length 36 Should not nmap expect an answer and discard the UDP packet?
This is OK. The OS gets the reply too but it doesn't know anything about the probe so it rejects the packet correctly with ICMP. It is similar to sending RST's back while scanning with SYN packets (aka stealth or half-open scanning). Martin Mačok ICT Security Consultant _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- UDP Scan of a responsive port waldeck (Nov 29)
- Re: UDP Scan of a responsive port Martin Mačok (Nov 30)