[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Port Scan for UDP

> Excuse your arrogance, but let me correct you in some points you made!
> First of all nmap does not scan only the services listed 
in /etc/services, if 
> you were to have bothered reading the manual before answering you 
would have 
> read, and I quote: 

If you had actually read what I'd written, you'd see I didn't mention 
anywhere that nmap only scans ports listed in /etc/services.  I said 
that nmap only scans ports mentioned in ITS OWN services file, which I 
assumed most people would be intelligent enough to realize was the nmap-
services file (as documented in the manpage, if anyone would bother to 
read it).  You're right that I neglected to mention that it also scans 
anything from 1 to 1024 even if it's not listed in the services file, 

> You could have spared the TCP/UDP diff lecture since the question 
> directed to that...

The question was EXACTLY directed to that.  The gentleman was asking 
why every UDP port scanned was being listed as "open."  I explained the 
reason for it; the firewall was dropping the UDP packets, and the way 
portscans work with UDP is central to that.  I fail to see the lack of 

> jc: If you own the box and *don't* have any reason to assume/think 
> been compromised (Just checking) you can check locally using nice 
tools like:
> netstat -an --ip <for both udp and tcp> or netstat -an --udp[--tcp] 
> either one.
> lsof -i -n 
> nmap localhost -p 1-[HigherPortNumber]
> fuser 
> and the list goes on =)

Craig McPherson
Information Technology Coordinator
Baptist Collegiate Ministry

Reply to: