Re: BO2k Port?

[Daniel Roethlisberger <daniel () roe ch>]

PM Systems - Rick Woehler <RWoehler () PMSysCorp com> wrote:
> Doing an audit on a gov agency with a Raptor Firewall. I was
> shocked to see nmap repeatedly reporting 31335 and 31337 UDP
> open on the firewall. I'm told by my firewall guys that Raptors
> and VelociRaptors install with all ports closed and ports have
> to be specifically opened to allow traffic. I can't imagine the
> person that installed this firewall would allow those ports.

First off, 31337/udp was only used by good old BO 1.2 (SirDystic's
original BO), and not BO2K (which has no real default ports, and
can use TCP too).

Second, nmap reporting open UDP ports is due to the way UDP is
designed to work: a closed port sends an ICMP port unreachable
back, while an open one sends back nothing (as UDP is
connectionless it is generally up to the listening application to
send UDP datagrams back or not). So essentially, there's no way to
distinguish firewalled and open UDP ports. I suspect that the
thing you scanned just drops all packets on those UDP ports,
that's why you see them open in nmap.

Cheers,
Dan


-- 
   Daniel Roethlisberger <daniel () roe ch>
   PGP Key ID 0x8DE543ED with fingerprint
   6C10 83D7 2BB8 D908 10AE  7FA3 0779 0355 8DE5 43ED


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/