RE: too many open udp ports

From: Yonatan Bokovza (Yonatanat_private)
Date: Wed May 30 2001 - 01:08:14 PDT


    I can't say I understood your exact network configuration,
    but I remember seeing what you see.
    The state of a UDP port is determined as such:
    send a packet to the port. If you get back
    ICMP_UDP_PORT_UNREACHABLE for that packet,
    you can safely assume that port is closed. If not, consider
    that port open. Sharp reasoning will lead you to conclude
    that if a machine is firewalled or offline (i.e., not answering
    or not receiving your packets) it will look as if all the
    UDP ports tested are open.
    I'd refer you to nmap's man page, where you can learn more
    about other types of scans:
    http://www.freebsd.org/cgi/man.cgi?query=nmap&manpath=FreeBSD+Ports
    
    Regards,
    Yonatan Bokovza.
    IT Security Consultant.
    Xpert Systems.
    
    
    > -----Original Message-----
    > From: Ogle Ron (Rennes) [mailto:OgleRat_private]
    > Sent: Tuesday, May 29, 2001 10:58
    > To: 'vinay dwarakanath'; pen-testat_private
    > Subject: RE: too many open udp ports
    > 
    > 
    > If you are using the Winsock proxy client, then you may have
    > additional protocols open other than http and ftp.  I would also
    > make sure that the MS Proxy is NOT part of any domain, and block
    > all TCP/UDP ports for NetBIOS.
    > 
    > Ron Ogle
    > Thomson multimedia
    > 
    > > -----Original Message-----
    > > From: vinay dwarakanath [mailto:vindwarat_private]
    > > Sent: Friday, May 25, 2001 9:48 AM
    > > To: pen-testat_private
    > > Subject: too many open udp ports
    > > 
    > > 
    > > Hi all,
    > > 
    > > When I port scan from inside a network and if the
    > > proxy is on the DMZ the port scan reveals a lot of
    > > open UDP ports. Is this normal or does this mean a
    > > security loop hole. The proxy is a MSproxy and the
    > > scan was conducted from fscan inside the dmz. Can
    > > anybody explain.
    > > 
    > > Pl don't mistake if this is a basic question as I am
    > > very new to this field.
    > > 
    > >  Regards
    > > Vinay
    > > 
    > > 
    > 
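The port-state rule described in the reply above, as an added example that is not part of the original message: it parses ICMP port-unreachable messages to mark ports closed and refuses to report "all open" when the host sent nothing back at all. The function names, the 192.0.2.x addresses and the sample packets are constructed for illustration.

```python
import struct

ICMP_DEST_UNREACH, CODE_PORT_UNREACH, PROTO_UDP = 3, 3, 17

def build_port_unreach(dst_port, src_port=40000, code=CODE_PORT_UNREACH):
    """Constructed sample: ICMP type 3 message quoting the probe's IP + UDP headers."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, PROTO_UDP, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    udp = struct.pack("!HHHH", src_port, dst_port, 8, 0)
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + ip + udp

def unreachable_port(icmp):
    """Return the UDP destination port quoted in a port-unreachable message, else None."""
    if len(icmp) < 8 + 20 + 8:
        return None
    if (icmp[0], icmp[1]) != (ICMP_DEST_UNREACH, CODE_PORT_UNREACH):
        return None
    quoted = icmp[8:]                      # original IP header + first 8 bytes of UDP
    ihl = (quoted[0] & 0x0F) * 4           # IP header length in bytes
    if ihl < 20 or quoted[9] != PROTO_UDP or len(quoted) < ihl + 8:
        return None
    return struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0]

def classify(probed, icmp_msgs, udp_replies=()):
    """Map each probed port to a state from the responses that came back."""
    closed = {p for p in map(unreachable_port, icmp_msgs) if p is not None}
    answered = set(udp_replies)
    wanted = set(probed)
    # A firewalled or offline host answers nothing, so every port would
    # "look open". Treat total silence as inconclusive instead.
    if not (closed & wanted) and not (answered & wanted):
        return {p: "inconclusive" for p in probed}
    states = {}
    for p in probed:
        if p in closed:
            states[p] = "closed"           # ICMP port unreachable received
        elif p in answered:
            states[p] = "open"             # a UDP reply came back
        else:
            states[p] = "open|filtered"    # nmap's label for "no response"
    return states

if __name__ == "__main__":
    ports = [53, 123, 161]
    print(classify(ports, [build_port_unreach(123)], udp_replies=[53]))
    print(classify(ports, []))             # silent host
```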
    



    This archive was generated by hypermail 2b30 : Wed May 30 2001 - 07:14:47 PDT