UDP Open Ports
Results 1 to 5 of 5

Thread: UDP Open Ports

  1. #1
    Senior Member
    Join Date
    Jan 2004
    Posts
    199

    UDP Open Ports

    I scanned one of my hosts and found that all but two TCP ports were closed, but then i scanned it using UDP and descovered that most of the ports were open. Could this be a scanner problem, because i don't have any programs on the host that are using all the ports.

    Any ideas would be greatly appreciated .

    System = WinXp
    -

  2. #2
    Senior Member
    Join Date
    Dec 2002
    Posts
    275
    but then i scanned it using UDP and descovered that most of the ports were open.
    You mean this time you used a UDP specific scan and it discovered some were indeed open? And the first scan may have been a TCP specific scan thus revealing only TCP ports that were open? I'm trying not to confuse anyone; including myself.

    .dublix

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    You said it's one of your hosts, compare it to a netstat -an and compare your findings, or scan with another scanner. Out of curiosity which scanner did you use?
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    Senior Member
    Join Date
    Jan 2004
    Posts
    199
    I used a port scanner called "BluesPortScan" , can't remember where i got it from now
    -

  5. #5
    Member
    Join Date
    Oct 2001
    Posts
    76
    It sounds to me like the scanner you used is getting confused. UDP port scanning is very different to TCP scanning, and is pretty unreliable. With a UDP scan, you send a packet to the port, and if you get no reply it means the port is listening. If you get an unreachable message, it means the port isn't listening.

    The problem here is that most firewalls silently drop the incoming packet, so the unreachable message is never sent back. This confuses the scanner into thinking the port is open, when in fact it's being protected by a firewall. So, if all but a few ports appear open, you can assume they're actually protected by a firewall, and the ports that are reported as closed aren't. The only problem with assuming this is that you can't actually tell what ports really are open, unless you trigger an event on the PC you're scanning that causes something to be sent back to you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •