[H-GEN] nmap UDP scanning
Hilton Travis
Hilton at QuarkAV.com
Fri Dec 20 19:56:05 EST 2002
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Hi All,
Has anyone else noticed that using nmap to scan a single UDP port on any
system will result in the following report:
[root at sirlancelot /tmp]# nmap -sU -p 10000 -T insane 192.0.2.1
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.69.1):
Port State Service
23/udp open unknown
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
It seems that scanning any single UDP port will report an "open"
result. This is not the case on the target I was scanning. I tried
scanning port 23/UDP (known to be closed on the target system) and it
was reported as open. Scanning the same port with the TCP protocol
reports the correct result (closed).
I assume this has something to do with the fact that TCP is a
connection-oriented protocol, whereas UDP is connectionless.
Does anyone have any other way to scan a target's UDP ports and get back
a report that is valid?
--
Regards,
Hilton Travis Email: Hilton at QuarkAV.com
Manager Phone: +61-(0)7-3343-3889
Quark AudioVisual Phone: +61-(0)419-792-394
Quark Computers
(Brisbane, Australia) http://www.QuarkAV.com/
Non Linear Video Editing Solutions & Digital Audio Workstations
Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
Conference and Seminar AudioVisual Production and Recording
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list