Re: [Plugins-writers] UDP Scan Plugin

From: Michel Arboi (mikhail@private)
Date: Tue Jun 15 2004 - 23:59:53 PDT

  • Next message: Michael Ihde: "[Plugins-writers] Port Scanning / KB items when running via nasl"

    On Tue Jun 15 2004 at 21:33, ETBlomquist@private wrote:
    > My goal is to create a plugin that accurately identifies an open UDP port
    > on a remote node.  My first question is, is that even reasonable?
    Considering the way UDP scan works, the short answer is no.
    Unless you can trigger a response from the remote service.
    > I've been reading the guides on NASL and am fairly confident in my script,
    > but am unsure of the functions in regard to UDP.  Here's what I've been
    > testing, but it always displays "Port 2967 is open." whether it's really
    > open or not.
    If you really want to write this script, use test_udp_port() from
    The function returns 2 if the port is closed (ICMP bad port received),
    0 if it is definitely open (UDP answer received), and 1 otherwise.
    But the function was not written to do this kind of test; rather to
    watch the state of a port before and after a DoS attack.
    Plugins-writers mailing list

    This archive was generated by hypermail 2b30 : Wed Jun 16 2004 - 00:00:58 PDT