
AW: drop policy- udp ports open?



> when I enter iptables -P INPUT DROP normally all ports should be closed.
> but a portscan from http://www.sns.co.at/german/tools.htm tells me that
> all tcp ports are stealth, icmp is closed and all scanned udp ports are
> open.

Because UDP is a stateless protocol, a UDP scan cannot be 100%
accurate: you can never know if your packet was received. You
can only know if it was rejected, because you get an ICMP
destination-unreachable packet back in that case. But if the packet was
dropped by a firewall, some portscanners assume it was received by the
destination host, because there is no negative answer.

So I would guess the scanner you are using is reporting the wrong ports
as open.

You should verify your results with an external host running nmap to be
sure.

best regards,
Dieter
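The ambiguity Dieter describes can be seen directly with a small probe. The script below is an added example, not part of the original mail or of the scanner linked above: it classifies a UDP port the way any scanner has to, using a connected UDP socket so that an incoming ICMP port-unreachable surfaces as ECONNREFUSED (Linux; Windows reports ECONNRESET). It then runs three constructed local cases: an echoing service, a service that swallows the datagram silently, and a port with nothing bound. The silent service and a host whose firewall DROPs the probe both yield the same verdict, which is why a scanner that reports silence as "open" is guessing; nmap labels this state open|filtered. The timeout value and the use of 127.0.0.1 are assumptions for the demo.

```python
"""Probe UDP ports and classify them the way a scanner has to, given that UDP
has no handshake: an ICMP port-unreachable proves 'closed', a reply proves
'open', and silence is ambiguous ('open|filtered'), because a service that
does not answer and a firewall that DROPs the probe look exactly the same.
"""
import errno
import socket
import threading


def probe_udp(host, port, payload=b"\x00", timeout=1.0):
    """Return 'open', 'closed' or 'open|filtered' for host:port.

    A *connected* UDP socket is used so the kernel maps an incoming ICMP
    destination-unreachable for this flow onto the socket as ECONNREFUSED
    (Linux; Windows reports it as ECONNRESET instead).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        s.send(payload)
        try:
            s.recv(1024)
            return "open"            # something answered, so a service is there
        except socket.timeout:
            return "open|filtered"   # no answer: silent service OR dropped by a firewall
        except OSError as e:
            if e.errno in (errno.ECONNREFUSED, errno.ECONNRESET):
                return "closed"      # ICMP port unreachable came back
            raise
    finally:
        s.close()


def _serve_one(sock, reply):
    """Constructed test service: receive one datagram, echo it back only if reply=True."""
    data, peer = sock.recvfrom(1024)
    if reply:
        sock.sendto(data, peer)
    sock.close()


def _local_udp_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))         # port 0: let the kernel pick a free port
    return s


def demo():
    """Constructed local scenarios showing the three outcomes a scanner can see."""
    results = {}

    # 1. A service that answers: the only case that proves 'open'.
    echo = _local_udp_socket()
    threading.Thread(target=_serve_one, args=(echo, True), daemon=True).start()
    results["echoing service"] = probe_udp("127.0.0.1", echo.getsockname()[1])

    # 2. A service that reads the datagram and says nothing: indistinguishable
    #    from a firewall DROP, so the honest verdict is 'open|filtered'.
    silent = _local_udp_socket()
    threading.Thread(target=_serve_one, args=(silent, False), daemon=True).start()
    results["silent service"] = probe_udp("127.0.0.1", silent.getsockname()[1])

    # 3. Nothing bound: bind to grab a free port number, release it, then probe.
    #    The kernel answers with ICMP port unreachable, which proves 'closed'.
    spare = _local_udp_socket()
    port = spare.getsockname()[1]
    spare.close()
    results["nothing listening"] = probe_udp("127.0.0.1", port)
    return results


if __name__ == "__main__":
    for case, state in demo().items():
        print(f"{case:20s} -> {state}")
```

Two practical caveats when doing this against a real host: Linux rate-limits outgoing ICMP errors, so a scan that fires many probes quickly will see spurious silence on closed ports unless it retransmits (nmap does), and a DROP policy turns every closed port into "open|filtered" whereas a REJECT target would send the port-unreachable and let the scanner call it closed.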


