PM Systems - Rick Woehler <RWoehlerat_private> wrote: > Doing an audit on a gov agency with a Raptor Firewall. I was > shocked to see nmap repeatedly reporting 31335 and 31337 UDP > open on the firewall. I'm told by my firewall guys that Raptors > and VelociRaptors install with all ports closed and ports have > to be specifically opened to allow traffic. I can't imagine the > person that installed this firewall would allow those ports. First off, 31337/udp was only used by good old BO 1.2 (SirDystic's original BO), and not BO2K (which has no real default ports, and can use TCP too). Second, nmap reporting open UDP ports is due to the way UDP is designed to work: a closed port sends an ICMP port unreachable back, while an open one sends back nothing (as UDP is connectionless it is generally up to the listening application to send UDP datagrams back or not). So essentially, there's no way to distinguish firewalled and open UDP ports. I suspect that the thing you scanned just drops all packets on those UDP ports, that's why you see them open in nmap. Cheers, Dan -- Daniel Roethlisberger <danielat_private> PGP Key ID 0x8DE543ED with fingerprint 6C10 83D7 2BB8 D908 10AE 7FA3 0779 0355 8DE5 43ED ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Sep 28 2001 - 10:23:29 PDT