Nmap Development: Re: UDP scanning

Re: UDP scanning

From: Hari Sekhon <hpsekhon_at_googlemail.com>
Date: Mon, 15 Jan 2007 10:27:58 +0000

Yes, this is pretty much what I discovered. I have a logserver listening
on both udp and tcp and it is never detected on udp since it never sends
a reply.

I guess this gives udp a kind of security through obscurity from this
point of view in that sometimes it can be very difficult to find some
services unless you know already they're there (in which case you
wouldn't need to scan it with nmap...).

Thanks for the feedback.

-h

Hari Sekhon

Nils Magnus wrote:
> On Thursday, 11 January 2007 18:51, Hari Sekhon wrote:
>
>> I'm trying to scan for the accessibility of the udp ports 137 and 138
>> but am not sure about this. Given that udp is connectionless and doesn't
>> have to respond, is it even possible that I can use nmap to see if those
>> two ports are accessible. I know the host is up, host discovery by icmp
>> bounce is not what I am interested in here, just verification of whether
>> the udp ports are accessible through the firewall.
>>
>
> The simple answer is:
> 1/ A UDP probe to an unfiltered, active UDP port results in no response in
> terms of "the connection". Thus, "no response" might be an indicator for an
> open port (but please read on). Several (not all) UDP services send you some
> answer packets back on the application level. You should be able to identify
> your mentioned ports with -sUV in this way.
> 2/ When your probe (or the resulting answer, for that matter) is filtered or
> otherwise dropped by a firewall somewhere between you and your target, you
> also receive no answer. That is somewhat unsatisfactory from a scanner's
> point of view, but that's reality. That's why there may be the port
> status "open|filtered" in your output.
> 3/ When the target port is accessible, not filtered, but not active, the
> destination system should answer with an "ICMP port not reachable" packet.
> nmap marks the port as "closed".
>
> The exact answer is that everything is much more complex in many situations
> and it's difficult to give you a generic answer. I hope that helps you to
> your next steps.
>
> Regards,
>
> ///Nils
>
>

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Jan 15 2007
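
The three outcomes Nils lists, plus the silent log server Hari describes, reproduced on loopback as an added example that is not part of the original thread. The names `probe_udp`, `start_listener`, `unused_port` and `demo` are hypothetical, and the code assumes Linux behaviour, where an ICMP port unreachable for a connected UDP socket surfaces as `ConnectionRefusedError`.

```python
import socket
import threading

def probe_udp(host, port, payload=b"\x00", timeout=1.0):
    """Send one datagram and classify the port by what comes back."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        # connect() on UDP sends nothing; it lets the kernel report ICMP errors to us.
        s.connect((host, port))
        s.send(payload)
        s.recv(2048)
        return "open"            # case 1: an application-level answer arrived
    except ConnectionRefusedError:
        return "closed"          # case 3: ICMP port unreachable came back
    except socket.timeout:
        return "open|filtered"   # case 2, or a service that never replies
    finally:
        s.close()

def start_listener(reply):
    """Constructed loopback service: echoes if reply is True, else stays silent."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def serve():
        while True:
            try:
                data, addr = srv.recvfrom(2048)
            except OSError:
                return
            if reply:
                srv.sendto(data, addr)
    threading.Thread(target=serve, daemon=True).start()
    return srv

def unused_port():
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()                  # released again, so nothing listens here
    return port

def demo():
    # Constructed targets: an echo service, a silent one, and a port nobody holds.
    ports = {"echo": start_listener(True).getsockname()[1],
             "silent": start_listener(False).getsockname()[1],
             "unbound": unused_port()}
    return {name: probe_udp("127.0.0.1", p) for name, p in ports.items()}

if __name__ == "__main__": print(demo())
```

The silent listener is bound and reachable yet is reported as `open|filtered`, the same result a dropped probe would give, which is why a firewall rule for such a service has to be verified from the listening side (packet capture or service logs) rather than from the scan alone.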
