Results from a port scan, I'm a little confused...

InlineFive

I just ran a quick scan with nmap on my work firewall for the heck of it and all of the UDP ports came up as open|filtered. Is this normal and are they really stealthed?
 

n0cmonkey

IIRC, filtered means stealthed. I never worry much about that, I hope for "closed" results.
 

Nothinman

Originally posted by: InlineFive
I just ran a quick scan with nmap on my work firewall for the heck of it and all of the UDP ports came up as open|filtered. Is this normal and are they really stealthed?

What kind of firewall is it? I remember the instructor at SANS this year talking about older versions of some firewalls that would basically open every port to do their proxy thing, so a port scan would show everything open and the firewall company was just like "yea, so?". I don't think that's true any more, but you never know if you're running something like a Checkpoint.

Are you scanning from inside or outside, that would make a big diff.

Not that much of a difference. Sure more things would be open, hopefully just a few like http proxy, ssh, ftp, maybe ntp, but it definitely shouldn't include ALL UDP ports.
 

InlineFive

Originally posted by: Nothinman
What kind of firewall is it? I remember the instructor at SANS this year talking about older versions of some firewalls that would basically open every port to do their proxy thing, so a port scan would show everything open and the firewall company was just like "yea, so?". I don't think that's true any more, but you never know if you're running something like a Checkpoint.

Brand spanking new Sonicwall TZ-170. The only WAN exception is port 443 to my IP only for remote management.

I'm thinking that coming up as open|filtered might be standard speech in nmap for stealthed as I was scanning a friend's router yesterday and it had the same result.
 

Nothinman

Originally posted by: InlineFive
I'm thinking that coming up as open|filtered might be standard speech in nmap for stealthed as I was scanning a friend's router yesterday and it had the same result.

Possibly, UDP has no connection information like TCP so basically you just send a packet and listen for an ICMP unreachable message back and if you don't get one you mark it down as open or filtered since you got no reply saying it was closed. I didn't think nmap showed them by default though.
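
The classification described in the last post, as an added example that is not part of the thread and is not nmap's code: a probe gets a reply (open), an ICMP port unreachable (closed), or silence (open|filtered). The function names and the three loopback targets are constructed for this example; the silent target shows why a listening service that ignores the probe looks the same as a firewall that drops it.

```python
import socket
import threading


def udp_port_state(host, port, timeout=0.5, retries=2):
    """Classify one UDP port from what comes back after a probe.

    datagram reply        -> "open"
    ICMP port unreachable -> "closed" (the OS reports it as a refused/reset error)
    nothing at all        -> "open|filtered" (dropped, or a service ignoring us)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket, so ICMP errors are delivered
        for _ in range(retries):
            try:
                s.send(b"\x00")
                s.recv(1024)
                return "open"
            except (ConnectionRefusedError, ConnectionResetError):
                return "closed"
            except socket.timeout:
                continue  # silence: retry in case the probe or the ICMP was lost
    return "open|filtered"


def demo_states():
    """Probe three constructed loopback targets and return their states."""
    def bound():
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind(("127.0.0.1", 0))
        return sock

    answering, silent, unbound = bound(), bound(), bound()
    ports = {name: sock.getsockname()[1] for name, sock in
             (("answering", answering), ("silent", silent), ("unbound", unbound))}
    unbound.close()  # nothing listens here any more, so the kernel sends ICMP

    def reply_once():
        _, addr = answering.recvfrom(1024)
        answering.sendto(b"ok", addr)

    threading.Thread(target=reply_once, daemon=True).start()
    try:
        return {name: udp_port_state("127.0.0.1", port) for name, port in ports.items()}
    finally:
        answering.close()
        silent.close()


if __name__ == "__main__":
    print(demo_states())
```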