Penetration Testing mailing list archives
Re: BO2k Port?
From: Daniel Roethlisberger <daniel () roe ch>
Date: Fri, 28 Sep 2001 18:42:20 +0200
PM Systems - Rick Woehler <RWoehler () PMSysCorp com> wrote:
Doing an audit on a gov agency with a Raptor Firewall. I was shocked to see nmap repeatedly reporting 31335 and 31337 UDP open on the firewall. I'm told by my firewall guys that Raptors and VelociRaptors install with all ports closed and ports have to be specifically opened to allow traffic. I can't imagine the person that installed this firewall would allow those ports.
First off, 31337/udp was only used by good old BO 1.2 (Sir Dystic's original BO), and not BO2K (which has no real default ports, and can use TCP too).

Second, nmap reporting open UDP ports is due to the way UDP is designed to work: a closed port sends an ICMP port unreachable back, while an open one sends back nothing (as UDP is connectionless it is generally up to the listening application to send UDP datagrams back or not). So essentially, there's no way to distinguish firewalled and open UDP ports. I suspect that the thing you scanned just drops all packets on those UDP ports, that's why you see them open in nmap.

Cheers,
Dan

--
Daniel Roethlisberger <daniel () roe ch>
PGP Key ID 0x8DE543ED with fingerprint 6C10 83D7 2BB8 D908 10AE 7FA3 0779 0355 8DE5 43ED

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
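The UDP behaviour described in the reply above, as an added example that is not part of the original post: a loopback-only probe that classifies a port purely from what comes back. The function names and the "open|filtered" label (the term current nmap releases use for a silent UDP port) are assumptions of this example, and a listener that never replies stands in for a firewall that silently drops packets.

```python
import socket
import threading


def probe_udp(host, port, timeout=0.5, payload=b"\x00"):
    """Classify one UDP port from the only evidence a scanner gets."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))   # connected socket: ICMP errors surface as exceptions
        s.send(payload)
        s.recv(1024)
        return "open"             # the application chose to answer
    except (ConnectionRefusedError, ConnectionResetError):
        return "closed"           # ICMP port unreachable came back
    except socket.timeout:
        return "open|filtered"    # silence: listener or packet drop, indistinguishable
    finally:
        s.close()


def _reply_once(sock):
    """Constructed test service: echo a single datagram to its sender."""
    data, addr = sock.recvfrom(1024)
    sock.sendto(data, addr)


def demo():
    """Probe three constructed loopback ports and return the verdicts."""
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))            # bound, but never replies
    echo = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    echo.bind(("127.0.0.1", 0))
    threading.Thread(target=_reply_once, args=(echo,), daemon=True).start()
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                              # nothing listens here any more
    try:
        return {
            "silent": probe_udp("127.0.0.1", silent.getsockname()[1]),
            "replying": probe_udp("127.0.0.1", echo.getsockname()[1]),
            "closed": probe_udp("127.0.0.1", closed_port),
        }
    finally:
        silent.close()
        echo.close()


if __name__ == "__main__":
    print(demo())
```

A port that shows up as silent in such a probe needs confirmation from the device itself (its rule set or a packet capture on the far side) before it is reported as open.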