While running nmap UDP scans, I sniffed traffic. Firewalls must be blocking almost all UDP; for the few ports that were actually open at the firewall, I got an unreach response from the machine.
Thanks for the help everyone! -gvb

> On Mon, May 13, 2002 at 09:45:06PM +0000, GVB wrote:
> > Now I am really confused... a scan of another host using the same syntax
> > doesn't report every udp port being open.
> >
> > Could this have to do with a firewall in front of the machine??
>
> Yes. Your firewall either (that's two non-exclusive options):
>
> - blocks all incoming UDP traffic
> - blocks all outgoing ICMP traffic of type 3 (unreach) [which is a big
> NO-NO if you want to have a system which does not break path MTU
> discovery and play nice with the rest of the world]
>
> If it's the first case only, then there's nothing you can do - your
> firewall drops all incoming UDP traffic, no icmp unreach is generated,
> so nmap says everything's open.
>
> If it's the second case only, then I urge you to reconfigure your
> firewall. A packet filter SHOULD let ICMP traffic of type 3 go out
> (icmp unreach messages are not used _only_ by kiddies scanning ports,
> there's a real usage for it too).
>
> > Should I be asking these questions on the nmap list?
>
> I think you'd probably get a better answer.
>
> -- Renaud
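The inference Renaud describes, as an added simulation that is not part of the original thread: a UDP scanner only learns a port is closed when an ICMP type 3 (port unreachable) comes back, so silence caused by either firewall policy is indistinguishable from an open service. The hosts, ports and policy names below are constructed for illustration; current nmap labels the silent case "open|filtered" rather than "open", but the ambiguity is the same.

```python
# Added example (not the thread's own code): simulate what a UDP scanner
# concludes under three constructed firewall policies.

OPEN_UDP_PORTS = {53, 123}              # constructed: services really listening
PORTS_TO_SCAN = [22, 53, 80, 123, 161]  # constructed probe set

def host_response(port):
    """What the target itself sends back to an empty UDP probe (no firewall)."""
    if port in OPEN_UDP_PORTS:
        return None        # a listening service usually consumes the probe silently
    return "icmp3_3"       # closed port: ICMP type 3 code 3, port unreachable

def apply_firewall(policy, port, reply):
    """Drop the probe or the host's reply according to the firewall policy."""
    if policy == "block_incoming_udp":
        return None        # probe never reaches the host, so no unreach is generated
    if policy == "block_outgoing_icmp3" and reply == "icmp3_3":
        return None        # host answered, but the unreach is dropped on the way out
    return reply           # "none": nothing filtered

def infer_state(reply):
    """Scanner-side rule from the thread: only an unreach proves 'closed'."""
    if reply == "icmp3_3":
        return "closed"
    return "open"          # silence: open, or open|filtered in newer nmap

def scan(policy):
    """Port -> inferred state for one firewall policy."""
    return {p: infer_state(apply_firewall(policy, p, host_response(p)))
            for p in PORTS_TO_SCAN}

def ports_reported_open(policy):
    """Sorted list of ports the scanner would report as open."""
    return sorted(p for p, state in scan(policy).items() if state == "open")

if __name__ == "__main__":
    for policy in ("none", "block_incoming_udp", "block_outgoing_icmp3"):
        print(f"{policy:22s} open: {ports_reported_open(policy)}")
```

Only the unfiltered case reports the two real services; both blocking policies make every probed port look open, which is why sniffing for the unreach replies (as the poster did) is the quickest way to tell the cases apart.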
