I have a firewall, but the scan shows my UDP ports are open. Why? Port Scanning FAQ

This Section

Why do I show UDP ports open, when I BLOCKED them?
Can I see an example of a scan report?
Why is it good practice to re-scan?
I have a firewall, but the scan shows my UDP ports are open. Why?
Why is port 113 open?

I have a firewall, but the scan shows my UDP ports are open. Why?

When a probe (scan) is sent to a UDP port there a twop possible responses, "open" and "closed".

Normally, a closed UDP port responds to an incoming packet by returning an "ICMP unreachable" message. Many port scanners depend on this message to list the port as "closed". Some firewall programs "absorb" the UPD packet before it ever reaches the UPD port and an "ICMP unreachable" message is not sent. In a case like this the scanner is fooled and thinks the port is "open", when it actually may be closed.

One way to tell if your firewall is exhibiting this behavior is to scan a large number of your UDP ports. Since it's impossible for your system to have several thousand ports open at once, if a UDP scan tells you they are, chances are it's your firewall doing its job.

got feedback?

by Mack Bolan edited by KeysCapt
last modified: 2004-02-01 05:42:47

All FAQs » Port Scanning FAQ » 3.0 Results

I have a firewall, but the scan shows my UDP ports are open. Why?