Security Basics mailing list archives
UDP question
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Mon, 07 Oct 2013 18:10:08 -0700
Hi All,

I have been reading http://nmap.org/bennieston-tutorial/. In the section on UDP, he states:

"UDP Scanning is not usually useful for most types of attack, but it can reveal information about services or trojans which rely on UDP, for example SNMP, NFS, the Back Orifice trojan backdoor and many other exploitable services. Most modern services utilise TCP, and thus UDP scanning is not usually included in a pre-attack information gathering exercise unless a TCP scan or other sources indicate that it would be worth the time taken to perform a UDP scan."

I am a bit confused:

1) "unless a TCP scan or other sources indicate". Okay. How would a UDP port that was open give you any indication that it was open with a TCP scan?

2) "for example SNMP, NFS, the Back Orifice Trojan backdoor". Is he talking about a compromised system or a system with a bunch of poorly thought out services running on it?

3) It is my understanding that the malicious programs on a compromised system do not act as a server, meaning they do not open ports. As I understand it, they communicate with their evil puppet masters by establishing outgoing connections to avoid the firewall. The same way I avoid firewalls with Go To Assist. Am I wrong here?

Many thanks,
-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~