Security Basics mailing list archives

UDP question

From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Mon, 07 Oct 2013 18:10:08 -0700

Hi All,

I have been reading http://nmap.org/bennieston-tutorial/.  In the
section on UDP, he states:

   UDP Scanning is not usually useful for most types of attack,
   but it can reveal information about services or trojans which
   rely on UDP, for example SNMP, NFS, the Back Orifice trojan
   backdoor and many other exploitable services.

   Most modern services utilise TCP, and thus UDP scanning is
   not usually included in a pre-attack information gathering
   exercise unless a TCP scan or other sources indicate that
   it would be worth the time taken to perform a UDP scan.

I am a bit confused:

1) "unless a TCP scan or other sources indicate".  Okay.
How would a UDP port that was open give you any indication
that it was open with a TCP scan?

2) "for example SNMP, NFS, the Back Orifice Trojan backdoor".
Is he talking about a compromised system or a system with
a bunch of poorly thought out services running on it?

3) It is my understanding, that the malicious programs on
a compromised system do not act as a server, meaning they
do not open ports.  As I understand it, they communicate
with their evil puppet masters by establishing out going
connections to avoid the firewall.  They same way I avoid
firewalls with Go To Assist.  Am I wrong here?

Many thanks,
-T


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

UDP question ToddAndMargo (Oct 08)
- <Possible follow-ups>
- RE: UDP question Patrick Kobly (Oct 08)
- Re: UDP question ToddAndMargo (Oct 15)
- Re: UDP question ToddAndMargo (Oct 16)
  - Message not available
    - Re: UDP question ToddAndMargo (Oct 17)
- Re: UDP question ToddAndMargo (Oct 28)
- Re: UDP question ToddAndMargo (Oct 28)