Re: UDP-Portscan ISA Firewall

From: @digitalaz(dot)com
Date: 03/17/03


Date: Mon, 17 Mar 2003 09:26:30 -0700
From: "@digitalaz(dot)com" <""raf\"@digitalaz(dot)com">

It's a problem with the way nmap decides what an open UDP port is; go to
insecure.org to find out more. If your firewall says that all UDP ports are
closed then most likely you should be fine. This type of behavior is due
to the connectionless nature of UDP packets.

- Rafael

Thomas W Shinder [MVP] wrote:
> Hi Michael,
>
> Enable packet filtering. Now the only ports that are opened are the ones
> that you've explicitly opened with a packet filter or publishing rule.
>
> HTH,
> --
> Tom
> www.isaserver.org/shinder
> Get the books!
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp
> MVP -- ISA Server 2000
>
>
> "Michael Grbic" <michael.grbic@my-mail.com> wrote in message
> news:b4q1vf$21s95n$1@ID-96624.news.dfncis.de...
>
>>Hello,
>>I should test an ISA Firewall for a customer. Therefore I make a port scan
>>with nmap (http://www.nmapwin.org/) on the external interface of the ISA
>>Firewall.
>>When I make a TCP scan (SYN scan) then I see only the open ports that should
>>be open, but if I make a UDP scan (for example to see if only port 53 UDP is
>>open for DNS resolution) the scanner shows me that all UDP ports are
>>opened!!! In the ISA logs I see that the firewall has blocked all UDP port
>>scans with the exception of port 53, but why does the port scanner report
>>to me that all UDP ports are open if they are blocked?
>>
>>Regards
>>Michael Grbic
>
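Rafael's point about the connectionless nature of UDP, shown as an added example that is not part of this thread and not nmap's own code: a constructed model of a UDP scan against a target whose firewall silently drops, rejects with ICMP, or is absent, classified with the rules nmap uses today (no reply is reported as open|filtered; the 2003-era nmap Michael used reported that state as open). The policy names, the single service on port 53 and the reply strings are assumptions made for the example.

```python
# Constructed model of what a UDP scanner sees behind three firewall policies.
from typing import Dict, Iterable, Set

# Kinds of reply a single UDP probe can get back; "" means silence.
UDP_DATA = "udp-data"            # the service answered with a datagram
ICMP_PORT_UNREACH = "icmp-3-3"   # ICMP type 3 code 3: port unreachable
ICMP_ADMIN_PROHIB = "icmp-3-13"  # ICMP type 3 code 13: administratively prohibited
SILENCE = ""


def classify(reply: str) -> str:
    """Map one probe's reply to a port state using nmap's UDP scan rules."""
    if reply == UDP_DATA:
        return "open"
    if reply == ICMP_PORT_UNREACH:
        return "closed"
    if reply.startswith("icmp-3-"):   # any other unreachable code
        return "filtered"
    return "open|filtered"            # silence: open service or dropped probe


def target_reply(policy: str, listening: Set[int], port: int) -> str:
    """Assumed target: one host, a UDP service on each `listening` port.

    "drop"   : the firewall discards blocked probes without any answer.
    "reject" : the firewall answers blocked probes with ICMP admin-prohibited.
    "none"   : no firewall; the host itself sends ICMP port unreachable.
    A real service only answers a well-formed request, which is why nmap
    sends protocol-specific payloads to well-known ports such as 53.
    """
    if port in listening:
        return UDP_DATA
    if policy == "drop":
        return SILENCE
    if policy == "reject":
        return ICMP_ADMIN_PROHIB
    return ICMP_PORT_UNREACH


def scan(policy: str, listening: Set[int], ports: Iterable[int]) -> Dict[int, str]:
    """Probe every port once and record the state the scanner would report."""
    return {p: classify(target_reply(policy, listening, p)) for p in ports}


def tally(results: Dict[int, str]) -> Dict[str, int]:
    """Count how many ports landed in each state."""
    counts: Dict[str, int] = {}
    for state in results.values():
        counts[state] = counts.get(state, 0) + 1
    return counts


if __name__ == "__main__":
    for policy in ("drop", "reject", "none"):
        print(policy, tally(scan(policy, {53}, range(1, 1025))))
```

With the drop policy every blocked port is indistinguishable from an open, silent service, so the firewall's own log (which Michael already checked) is the authoritative record, not the scanner.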


