Should i be more worried about TCP listening ports than UDP listening ports ?
Printable View
Should i be more worried about TCP listening ports than UDP listening ports ?
Well, if you're concerned about security you should be worried about any unknown listening ports using any protocol.
AFAIK, TCP ports are more for data transmission, where the data needs to get to the recipient. UDP is for when it really doesnt matter, for things like streaming audio and video. IMHO, i think you should be worried a bit more about TCP than UDP
slick
slick is correct.
TCP is a connection orientated protocol.
UDP is a connectionless orientated protocol.
TCP is used for for most programs that need to make sure the data gets there.
UDP is used mostly for games, streaming adio and video. It is the faster of the two protocols cause it doesn't check to see if the data go to the recipient correctly.
Thanks for the replies
Personally, I'd still be concerned about the UDP ports as that can be a protocol used for DoS attacks and the like. Something I'm sure you'd want to avoid being the source of.
I second pwaring on this:Quote:
Originally posted here by pwaring
Well, if you're concerned about security you should be worried about any unknown listening ports using any protocol.
The mere fact that a socket is listening in udp or tcp doesn't say zip about it's vulnerability potential.
Take for example SQL server, it uses (amongst other) port udp 1434. Does udp 1434 ring a bell? That's right: slammer. Slammer was able DoS a huge number of machines by sending only a single 376 bytes datagram to SQL Server/MSDE hosts. Windows also uses udp 137-138 for NetBIOS/SMB file sharing. SNMP also uses udp 162, which can potentially reveal sensitive information. Not to forget that some game servers that use udp have also had vulnerabilities exposed. Etc.
So there's really no basis for tcp/udp discrimination as far as vulnerability goes.
Ammo
I'd definately say be concerned with UDP listening ports. The ever famous Back Orifice listened on UDP port 31337. An open UDP port is just as dangerous as an open TCP port.
anyone wants to talk about icmp?
ICMP deals in error checking and so on. The user interface for ICMP is the ping program. You can use ping to send ICMP packets and see if something responds with "Hello, I'm up and running"
ping 192.168.0.1
{192.168.0.1} Hello, I'm up and running.
Of course you can set hardware and software to NOT respond to ping.