[Wylug-help] Strange UDP port activity
fluffy at fluffybacon.co.uk
fluffy at fluffybacon.co.uk
Thu Feb 3 07:42:06 GMT 2005
On Wed, 2005-02-02 at 22:45 +0000, Jason Lander wrote:
> UDP is stateless. It is also not usual to send a UDP packet without
> getting anything back. This is how a network syslog server receives
> information.
>
> NMAPs UDP detection code sends UDP packets to every port. By the look of
> it, all these use the same UDP source port. For those ports where nothing
> is listening, it should receive an ICMP port-unreachable message in
> return.
>
> If there is no port-unreachable message and no response, it assumes the
> port is filtered and/or open.
>
> It is also confused by UDP packets sent from the machine to itself as
> there will be one UDP packet has the same source and destination port.
> It marks this port as open.
>
> - Jason
Thats pretty comprehensive, thank you. It would appear that I have A
LOT more reading to do.
Ciaran.
More information about the Wylug-help
mailing list