• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Results from a port scan, I'm a little confused...

I

InlineFive

Diamond Member
I just ran a quick scan with nmap on my work firewall for the heck of it and all of the UDP ports came up as open|filtered. Is this normal and are they really stealthed?
 
I just ran a quick scan with nmap on my work firewall for the heck of it and all of the UDP ports came up as open|filtered. Is this normal and are they really stealthed?
Click to expand...

What kind of firewall is it? I remember the instructor at SANS this year talking about older versions of some firewalls that would basically open every port to do their proxy thing, so a port scan would show everything open and the firewall company was just like "yea, so?". I don't think that's true any more, but you never know if you're running something like a Checkpoint.

Are you scanning from inside our outside, that would make a big diff.
Click to expand...

Not that much of a difference. Sure more things would be open, hopefully just a few like http proxy, ssh, ftp, maybe ntp, but it definately shouldn't include ALL UDP ports.
 
Originally posted by: Nothingman
What kind of firewall is it? I remember the instructor at SANS this year talking about older versions of some firewalls that would basically open every port to do their proxy thing, so a port scan would show everything open and the firewall company was just like "yea, so?". I don't think that's true any more, but you never know if you're running something like a Checkpoint.
Click to expand...

Brand spanking new Sonicwall TZ-170. The only WAN acception is port 443 to my IP only for remote management.

I'm thinking that coming up as open|filtered might be standard speech in nmap for stealthed as I was scanning a friends's router yesterday and it had the same result.
 
I'm thinking that coming up as open|filtered might be standard speech in nmap for stealthed as I was scanning a friends's router yesterday and it had the same result.
Click to expand...

Possibly, UDP has no connection information like TCP so basically you just send a packet and listen for an ICMP unreachable message back and if you don't get one you mark it down as open or filtered since you got no reply saying it was closed. I didn't think nmap showed them by default thought.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top