January 26th, 2004, 10:14 PM
UDP Open Ports
I scanned one of my hosts and found that all but two TCP ports were closed, but then i scanned it using UDP and descovered that most of the ports were open. Could this be a scanner problem, because i don't have any programs on the host that are using all the ports.
Any ideas would be greatly appreciated .
System = WinXp
January 26th, 2004, 10:36 PM
You mean this time you used a UDP specific scan and it discovered some were indeed open? And the first scan may have been a TCP specific scan thus revealing only TCP ports that were open? I'm trying not to confuse anyone; including myself.
but then i scanned it using UDP and descovered that most of the ports were open.
January 26th, 2004, 11:43 PM
You said it's one of your hosts, compare it to a netstat -an and compare your findings, or scan with another scanner. Out of curiosity which scanner did you use?
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
January 27th, 2004, 12:00 AM
I used a port scanner called "BluesPortScan" , can't remember where i got it from now
January 27th, 2004, 11:56 AM
It sounds to me like the scanner you used is getting confused. UDP port scanning is very different to TCP scanning, and is pretty unreliable. With a UDP scan, you send a packet to the port, and if you get no reply it means the port is listening. If you get an unreachable message, it means the port isn't listening.
The problem here is that most firewalls silently drop the incoming packet, so the unreachable message is never sent back. This confuses the scanner into thinking the port is open, when in fact it's being protected by a firewall. So, if all but a few ports appear open, you can assume they're actually protected by a firewall, and the ports that are reported as closed aren't. The only problem with assuming this is that you can't actually tell what ports really are open, unless you trigger an event on the PC you're scanning that causes something to be sent back to you.