Nmap Development mailing list archives

Re: UDP scanning

From: Hari Sekhon <hpsekhon () googlemail com>
Date: Mon, 15 Jan 2007 10:27:58 +0000

yes this is pretty much what I discovered. I have a logserver listening 
on both udp and tcp and it is never detected on udp since it never sends 
a reply.

I guess this gives udp a kind of security through obscurity from this 
point of view in that sometimes it can be very difficult to find some 
services unless you know already they're there (in which case you 
wouldn't need to scan it with nmap...).

Thanks for the feedback.

-h

Hari Sekhon



Nils Magnus wrote:

Am Donnerstag, 11. Januar 2007 18:51 schrieb Hari Sekhon:

I'm trying to scan for the accessibility of the udp ports 137 and 138
but am not sure about this. Given that udp is connectionless and doesn't
have to respond, is it even possible that I can use nmap to see if those
two ports are accessible. I know the host is up, host discovery by icmp
bounce is not what I am interested in here, just verification of whether
the udp ports are accessible through the firewall.


The simple answer is:
  1/ An UDP probe to unfiltered, active UDP port results in no reponse in 
terms of "the connection". Thus, "no response" might be an indicator for an 
open port (but please read on). Several (not all) UDP services send you some 
answer packets back on the application level. You should be able to identify 
your mentioned ports with -sUV in this way.
  2/ When your probe (or the resulting answer, for that matter) is filtered or 
otherwise dropped by a firewall somewhere between you and your target, you 
also receive no answer. That is somewhat unsatisfactory from a scanner's 
point of view, but that's reality. That's why there may be the port 
status "open|filtered" in your output.
 3/ When the target port is accessible, not filtered, but not active, the 
destination system should answer with an "ICMP port not reachable" packet. 
nmap marks the port as "closed".

The exact answer is that everything is much more complex in many situations 
and it's difficult to give you a generic answer. I hope that helps you to 
your next steps.

Regards,

///Nils


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

UDP scanning Hari Sekhon (Jan 11)
- Re: UDP scanning Hans Nilsson (Jan 11)
  - Re: UDP scanning Hari Sekhon (Jan 11)
- Re: UDP scanning Nils Magnus (Jan 12)
  - Re: UDP scanning Hari Sekhon (Jan 15)