Nmap Development mailing list archives

Re: UDP scanning


From: Nils Magnus <magnus () linuxtag org>
Date: Sat, 13 Jan 2007 00:32:19 +0100

On Thursday, 11 January 2007 18:51, Hari Sekhon wrote:
I'm trying to scan for the accessibility of the udp ports 137 and 138
but am not sure about this. Given that udp is connectionless and doesn't
have to respond, is it even possible that I can use nmap to see if those
two ports are accessible. I know the host is up, host discovery by icmp
bounce is not what I am interested in here, just verification of whether
the udp ports are accessible through the firewall.

The simple answer is:
  1/ A UDP probe to an unfiltered, active UDP port results in no response in 
terms of "the connection". Thus, "no response" might be an indicator for an 
open port (but please read on). Several (not all) UDP services send you some 
answer packets back on the application level. You should be able to identify 
your mentioned ports with -sUV in this way.
  2/ When your probe (or the resulting answer, for that matter) is filtered or 
otherwise dropped by a firewall somewhere between you and your target, you 
also receive no answer. That is somewhat unsatisfactory from a scanner's 
point of view, but that's reality. That's why there may be the port 
status "open|filtered" in your output.
  3/ When the target port is accessible, not filtered, but not active, the 
destination system should answer with an "ICMP port not reachable" packet. 
nmap marks the port as "closed".

The exact answer is that everything is much more complex in many situations 
and it's difficult to give you a generic answer. I hope that helps you with 
your next steps.

Regards,

///Nils
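
The three cases in the reply above, as an added example that is not part of the original post and is not nmap code: a single-datagram probe run against constructed loopback targets, so a firewall administrator can see which observation maps to which port state. The names probe_udp, local_listener and demo, the payload and the timeout are assumptions made for this illustration.

```python
import socket
import threading

def probe_udp(host, port, payload=b"probe", timeout=0.5):
    """Send one datagram and classify the port using the three cases above."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() sends nothing for UDP; it lets the kernel report an ICMP
        # port-unreachable for this destination as ConnectionRefusedError.
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(2048)
            return "open"            # case 1: application-level answer
        except ConnectionRefusedError:
            return "closed"          # case 3: ICMP error came back
        except socket.timeout:
            return "open|filtered"   # silent service or dropped packet (case 2)

def local_listener(answer):
    """Constructed loopback target: a bound UDP socket that may answer once."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    if answer:
        def serve():
            _, peer = srv.recvfrom(2048)
            srv.sendto(b"pong", peer)
        threading.Thread(target=serve, daemon=True).start()
    return srv

def demo():
    """Probe an answering port, a silent port and an unbound port on loopback."""
    answering, silent = local_listener(True), local_listener(False)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        unbound_port = tmp.getsockname()[1]   # free again once tmp closes
    try:
        return {
            "answering": probe_udp("127.0.0.1", answering.getsockname()[1]),
            "silent": probe_udp("127.0.0.1", silent.getsockname()[1]),
            "unbound": probe_udp("127.0.0.1", unbound_port),
        }
    finally:
        answering.close()
        silent.close()

if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:10s} {state}")
```

The silent listener is bound and reachable yet is reported as "open|filtered", which is the ambiguity between cases 1 and 2: from the sender's side it looks the same as a dropped packet.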
