 Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3
 ·Shaw
| reply to ashbestush
Re: UDP Port scans and you Concerning placing a dummy IP address in the DMZ. I don't think this is bad and suggest people try it if they want. I'm just saying how UDP port scans work so when people say they can't get 'stealthed' on their UDP scans, this could be the reason. It should also be mentioned that hackers scanning UDP ports is somewhat uncommon because of the problems mentioned. Note I said 'somewhat uncommon' and not 'never' as sometime they do scan for UDP ports (Solaris rcpbind hole would be an example of a possible UDP scan. Rpcbind can be found hiding on an undocumented UDP port somewhere above 32770. So it doesn't matter that 111 is blocked by the firewall, as you can you find which of the more than 30,000 high ports it is listening on with a UDP scan. While this would be a painful scan, it is possible).
Myself I don't use the DMZ trick, but security levels are something you must feel comfortable with yourself.
Sorry about the URL link, as its a habit of mine to enclose things in parentheses. Hopefully you were able to find the Link Logger web site, if you were interested.
Blake |
 Bill_MIBill In MichiganPremium,MVM
join:2001-01-03
Royal Oak, MI
kudos:1
·Comcast
·WOW Internet and..
| Hi Blake. I'm glad you brought up the backwards nature of UDP vs. TCP. I got whacked on this one when this difference completely got me off track when a site (I forget which one) called UDP ports "Open" and I'm thinking the TCP sense all the way.
"Open" was exactly what I wanted. That is, emulating no host is present (same as ashbestush's "unassigned").
I'm just repeating what you've said but it can't be emphasized enough. I wonder... if LinkSys changed the UDP behavior because of the way security sites label the behavior? |
