Security Basics mailing list archives

RE: UDP question


From: Patrick Kobly <patrick () kobly com>
Date: Tue, 8 Oct 2013 09:00:07 -0600

-----Original message-----
From:   ToddAndMargo <ToddAndMargo () zoho com>
Sent:   Tue 08-10-2013 00:57
Subject:        UDP question
To:     security-basics () securityfocus com; 

I am a bit confused:

1) "unless a TCP scan or other sources indicate".  Okay.
How would a UDP port that was open give you any indication
that it was open with a TCP scan?

Some services listen on both TCP and UDP (i.e. DNS, ONC RPC - NFS, SNMP) and may provide different behaviour when 
communicated with via TCP than when communicated with via UDP.
 
2) "for example SNMP, NFS, the Back Orifice Trojan backdoor".
Is he talking about a compromised system or a system with
a bunch of poorly thought out services running on it?

Both.  The article is agnostic to the purposes for which the tool is being used.

3) It is my understanding, that the malicious programs on
a compromised system do not act as a server, meaning they
do not open ports.  As I understand it, they communicate
with their evil puppet masters by establishing outgoing
connections to avoid the firewall.  The same way I avoid
firewalls with Go To Assist.  Am I wrong here?

There is a wide variety of malware out there.  Sometimes C&C is handled by outbound connections, sometimes it's handled 
by just listening to a port.  Smart attackers are aware of the context that their malware is installed in and choose 
the appropriate medium for the job.  I noticed in another email that you're starting to look at Metasploit.  You'll 
find that msf has a number of different payloads - some of them reverse, some of them listeners.

PK


Many thanks,
-T


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
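
The reply's first point, that a service listening on TCP may also be listening on UDP on the same port, can be checked from the defender's side on a host you administer. The following is an added example, not part of the thread: it parses constructed `ss -tuln` output, and the function names and sample lines are illustrative assumptions.

```python
from collections import defaultdict

# Constructed sample of `ss -tuln` output (not taken from the thread).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      64     0.0.0.0:2049       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:2049       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:323      0.0.0.0:*
"""

def parse_listeners(ss_text):
    """Return {port: {proto: set(bind addresses)}} for listening sockets."""
    listeners = defaultdict(lambda: defaultdict(set))
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        proto, state, local = fields[0], fields[1], fields[4]
        # TCP listeners show LISTEN; bound UDP sockets show UNCONN.
        if (proto, state) not in (("tcp", "LISTEN"), ("udp", "UNCONN")):
            continue
        addr, _, port = local.rpartition(":")  # rpartition copes with [::]:22
        if port.isdigit():
            listeners[int(port)][proto].add(addr)
    return listeners

def classify(listeners):
    """Split ports into both-protocol, TCP-only and UDP-only lists."""
    both, tcp_only, udp_only = [], [], []
    for port in sorted(listeners):
        protos = set(listeners[port])
        bucket = both if protos == {"tcp", "udp"} else (
            tcp_only if protos == {"tcp"} else udp_only)
        bucket.append(port)
    return both, tcp_only, udp_only

def exposed_udp(listeners):
    """UDP ports bound to a non-loopback address, i.e. reachable off-host."""
    loopback = {"127.0.0.1", "[::1]"}
    return sorted(p for p, by_proto in listeners.items()
                  if by_proto.get("udp", set()) - loopback)

if __name__ == "__main__":
    found = parse_listeners(SAMPLE_SS)
    print("both/tcp-only/udp-only:", classify(found))
    print("network-reachable UDP:", exposed_udp(found))
```

The UDP-only group is the part of the attack surface a TCP-only scan never sees, so it is the list to compare against the firewall policy.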

