UDP questions! All ports open!
Results 1 to 7 of 7

Thread: UDP questions! All ports open!

  1. #1
    Banned
    Join Date
    Aug 2001
    Posts
    131

    Question UDP questions! All ports open!

    Hi! Yesterday, I somehow decided to dowload a port scanner, so, I downloaded it, and ran it against some servers and my own personal system. However, this is what I found out. This scanner is simple an fast, and it supports TCP and UDP scan. The only thing that surpised me is that it seems that according to the scanner, all of my TCP ports are either closed or invisible, but however most of my UDP ports (almost all) are open.

    So... I decided to run a UDP port scan against two other servers. Netscape.com, and Thawte.com. The result? Most of the UDP ports were reported in the port scanner windows ( assume that then it means those ports are open as this is what happened when I did TCP scan, all open ports were reported). Even on netscape.com or thawte.com, most UDP ports are open. What does this mean? Does this mean that Firewalls today only protects you against attacks launched from the TCP protocol and not UDP?

    Thankx

  2. #2
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    UDP is a connectionless protocol. It is great for a DNS attack, but there isn't much else you can do with it. Not to worried about someone taking root from a udp packet.

    Thats why I always say that "stealth mode" is a crock of ****, because your machine can still be pinged (udp packet), so it isn't really invisible.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    AFAIK, scanners determine if UDP ports are open because according to the relevant RFCs, sending an empty UDP packet to a non-open port should send an ICMP port unreachable back.

    If there is a real application listening on the port, it probably won't respond to an empty packet (or will send back an error message using its own protocol). Seeing as few server programs expect empty messages, they will normally ignore it (A few server protocols like time and daytime actually expect empty packets and respond to them)

    The problem with this is, a scanner *CANNOT* distinguish an open and a firewalled port if it doesn't get a response (from the application layers) (unlike TCP, where open ports, closed ports and firewalled ports all look different)

    Therefore, if you scan a firewalled host, it may look like every port is open.

  4. #4
    Banned
    Join Date
    Aug 2001
    Posts
    131
    So..... the scanner came up with false results?

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    False results, yes

    But not because it's broken, but because it is impossible for it not to.

  6. #6
    Banned
    Join Date
    Aug 2001
    Posts
    131
    OK! Thankx a-lot

  7. #7
    Banned
    Join Date
    Sep 2001
    Posts
    64
    Dude if the scanner is right then you need to get a firewall and antivirus because if your udp ports are open then your introuble

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •