Re: Port Scan for UDP
> Excuse your arrogance, but let me correct you in some points you made!
>
> First of all nmap does not scan only the services listed
in /etc/services, if
> you were to have bothered reading the manual before answering you
would have
> read, and I quote:
If you had actually read what I'd written, you'd see I didn't mention
anywhere that nmap only scans ports listed in /etc/services. I said
that nmap only scans ports mentioned in ITS OWN services file, which I
assumed most people would be intelligent enough to realize was the nmap-
services file (as documented in the manpage, if anyone would bother to
read it). You're right that I neglected to mention that it also scans
anything from 1 to 1024 even if it's not listed in the services file,
though.
> You could have spared the TCP/UDP diff lecture since the question
wasn't
> directed to that...
The question was EXACTLY directed to that. The gentleman was asking
why every UDP port scanned was being listed as "open." I explained the
reason for it; the firewall was dropping the UDP packets, and the way
portscans work with UDP is central to that. I fail to see the lack of
relevance.
> jc: If you own the box and *don't* have any reason to assume/think
you've
> been compromised (Just checking) you can check locally using nice
tools like:
> netstat -an --ip <for both udp and tcp> or netstat -an --udp[--tcp]
for
> either one.
> lsof -i -n
> nmap localhost -p 1-[HigherPortNumber]
> fuser
> and the list goes on =)
--
Craig McPherson
Information Technology Coordinator
Baptist Collegiate Ministry
Reply to: