Nmap Development mailing list archives
Re: UDP Reporting issues
From: David Fifield <david () bamsoftware com>
Date: Tue, 18 May 2010 10:58:06 -0600
On Tue, May 18, 2010 at 09:43:55AM -0700, Wolf Halton wrote:
I have read that reporting for UDP has been "normalized" to show open | filtered when the -sU test is run "to keep terrified newbies from panicking because they think they have bo2k." I did a test recently on a UNIX box that had a firewall rule for UDP ports set to drop silently all incoming, not requested, packets. The test took a long long time and returned most of the tested ports as open | filtered with trinoo controllers and bo2k. I am not a newbie, and this reporting behavior isn't very useful. Running NMap 5 on Kubuntu 10.04. Is there a simple way to set the behavior to ignore non-responsive ports instead of returning trinoo and bo2k on open | filtered ports?
Can you paste in the output that you see? (You can remove IP addresses and anything else.) What you have described above is very normal. When a firewall drops all unsolicited packets, it is indeed "filtering" them. In the case of UDP, that unfortunately is indistinguishable from a port being open in most cases. That's why Nmap says "open|filtered" and doesn't just assume the port is open. Ignoring unresponsive ports, in the case of UDP, means ignoring open ports too, so you probably don't want that. It's normal for UDP scans to take a long time. You can usually only do one port per second max against Linux. To speed it up, scan fewer ports with an option like --top-ports 500. Using the -sV option can distinguish between open and open|filtered for some ports. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- UDP Reporting issues Wolf Halton (May 18)
- Re: UDP Reporting issues David Fifield (May 18)
- Message not available
- Re: UDP Reporting issues David Fifield (May 18)
- Message not available
- Re: UDP Reporting issues David Fifield (May 18)