Re: closed vs filtered in UDP scan

[Bo Cato <jcato73 () comcast net>]

Filtered refers to the fact that if a device or software between the
scanner and scanned host is filtering then an ICMP won't be generated by
the scanned host. A non-response could mean open or filtered. You may
want to research general firewall packet filtering for a more detailed
explanation.

-b

Hello Paul,

Tuesday, October 07, 2003, 12:47:30 PM, you wrote:

PJ> Hi,

PJ> What exactly does open/closed/filtered mean in a UDP scan? I thought the 
PJ> test was just to send to the UDP port, and look for an icmp port 
PJ> unreachable message. If it appears the port is closed, otherwise we 
PJ> guess that it's open. Where does filtered come from?

PJ> Thanks,

PJ> Paul




-- 
Best regards,
 Bo                            mailto:jcato73 () comcast net



---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).