Re: Port function and scanning



Volker Birk wrote:


The port concept is used by different network protocols. A port scanner
usually is used for TCP traffic, because there is an algorithm to
determine wether there is a process "listening" on the "port" (using a
socket or an XTI connection into the kernel with this maintenance
number). Port scanners are more seldomly used for UDP, because there is
no algorithm for this case for UDP.


There is.
no reply -> open or filtered
ICMP Destination Unreachable :: Port Unreachable -> closed
UDP reply -> definitely open

ICMP by contrast has no port concept at all. And any port scanning
system, which claims to implement "ICMP port scanning", is nonsense
(like the Symantec trash).

ICMP has message codes and subcodes, which are essentially similar to ports.
Still using the term "port" is, of course, wrong.
.



Relevant Pages

  • Re: UDP question
    ... Re: UDP question.eml ... >>> Most modern services utilise TCP, ... The only open port should be the port I use for Open VPN, ...
    (Security-Basics)
  • LAG - Which algorithm?
    ... I am new at using LAG and would like your opinion on which algorithm ... Destination IP Address ... the port is selected based on a hash of the ... destination IP address uses the same port in the link aggregation ...
    (Tru64-UNIX-Managers)
  • Re: Block UDP Ports?
    ... I'm using Checkpoint Firewall-1. ... reasonable that Firewall-1 would leave UDP wide open. ... > UDP ICMP port unreachable scanning: This scanning method varies from the ...
    (comp.security.firewalls)
  • UDP DoS attack in Win2k via IKE
    ... This memo should clarify the issue discovered with the UDP DOS ... Sending of UDP traffic to port 500 UDP will cause windows to ... attacked host is an IPSec gateway). ...
    (Bugtraq)
  • Re: Bind as cache DNS and firewall
    ... As it's UDP I think of UDP queries going from my cache server to other DNS server, and I catch their UDP responses in the firewall. ... So I should open my firewall for UDP on port 53 for all the world? ...
    (comp.protocols.dns.bind)