ashbestush, in reply to Link Logger:
Re: UDP port scans. You said (quoting Link Logger): "... Of course this raises the question as to what a stealthed UDP port is. Either you get an ICMP_PORT_UNREACH back or you don't; it's either open or closed, so what's a stealthed UDP port (returns a FOAD message maybe)?? Remember, getting nothing back on a UDP scan assumes open."
So are you suggesting that stealthing UDP ports by using a dummy DMZ host is bad, in that it signals an open port and will perhaps encourage more malicious probing?

Follow-up question:
Is the probe of a true "unassigned" (non-existent/off) IP the same as or different from a dummy DMZ host?

Link Logger, in reply to ashbestush:
Concerning placing a dummy IP address in the DMZ: I don't think this is bad, and I suggest people try it if they want. I'm just saying how UDP port scans work, so when people say they can't get "stealthed" on their UDP scans, this could be the reason. It should also be mentioned that hackers scanning UDP ports is somewhat uncommon because of the problems mentioned. Note I said "somewhat uncommon" and not "never", as sometimes they do scan for UDP ports (the Solaris rpcbind hole would be an example of a possible UDP scan. Rpcbind can be found hiding on an undocumented UDP port somewhere above 32770. So it doesn't matter that 111 is blocked by the firewall, as you can find which of the more than 30,000 high ports it is listening on with a UDP scan. While this would be a painful scan, it is possible).
Myself I don't use the DMZ trick, but security levels are something you must feel comfortable with yourself.
Sorry about the URL link, as it's a habit of mine to enclose things in parentheses. Hopefully you were able to find the Link Logger web site, if you were interested.
Blake

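The TCP-versus-UDP scan semantics that Link Logger describes, as an added example (this is not code from any post in this thread). The function names probe_tcp, probe_udp, scan_udp_range and demo are this example's own, and it assumes a socket stack (Linux, BSD, macOS, or Windows via ConnectionResetError) that delivers an ICMP port-unreachable for a connected UDP socket as an error on the next recv(), which is how the kernel hands an ordinary program the ICMP_PORT_UNREACH the thread talks about. The demo() function builds a constructed local setup on 127.0.0.1 so it runs offline: an echoing UDP port, a bound-but-silent UDP port (what a dummy DMZ host looks like from outside), a TCP listener, and one released port of each kind.

```python
# Added example, not code from any post in this thread. Names probe_tcp,
# probe_udp, scan_udp_range and demo are this example's own. Assumes the
# kernel reports ICMP port-unreachable on a *connected* UDP socket as an
# error on the next recv() (Linux/BSD/macOS; Windows raises ConnectionResetError).
import socket
import threading

# Labels follow the usual scanner (nmap-style) convention:
#   TCP: RST -> "closed", handshake -> "open", silence -> "filtered" ("stealth")
#   UDP: ICMP port unreachable -> "closed", datagram back -> "open",
#        silence -> "open|filtered" (it could be either; scanners often say "open")


def probe_tcp(host, port, timeout=0.5):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:      # RST came back
        return "closed"
    except socket.timeout:              # nothing came back
        return "filtered"
    finally:
        s.close()


def probe_udp(host, port, timeout=0.5, payload=b"\x00"):
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))  # connect() so ICMP errors are delivered to this socket
        s.send(payload)
        s.recv(1024)             # a datagram came back: something is listening
        return "open"
    except (ConnectionRefusedError, ConnectionResetError):
        return "closed"          # kernel received ICMP port unreachable
    except socket.timeout:
        return "open|filtered"   # silence: open, or a firewall/dummy DMZ host ate it
    finally:
        s.close()


def scan_udp_range(host, ports, timeout=0.2):
    """The painful high-port sweep from the thread (e.g. range(32770, 65536)
    hunting for rpcbind); returns {port: state}."""
    return {p: probe_udp(host, p, timeout) for p in ports}


def _udp_responder(sock, stop):
    """Echo anything received, so the port looks 'open' to probe_udp."""
    sock.settimeout(0.1)
    while not stop.is_set():
        try:
            data, peer = sock.recvfrom(1024)
            sock.sendto(data, peer)
        except socket.timeout:
            continue


def _free_port(kind):
    """Bind to port 0, record the port, release it: nothing listens there now."""
    s = socket.socket(socket.AF_INET, kind)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Constructed local setup on 127.0.0.1 (see lead-in); returns observed states."""
    echo = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    echo.bind(("127.0.0.1", 0))
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)   # bound, never answers
    silent.bind(("127.0.0.1", 0))
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind(("127.0.0.1", 0))
    tcp.listen(1)
    stop = threading.Event()
    t = threading.Thread(target=_udp_responder, args=(echo, stop), daemon=True)
    t.start()
    try:
        return {
            "udp_echo": probe_udp("127.0.0.1", echo.getsockname()[1]),
            "udp_silent": probe_udp("127.0.0.1", silent.getsockname()[1]),
            "udp_closed": probe_udp("127.0.0.1", _free_port(socket.SOCK_DGRAM)),
            "tcp_listener": probe_tcp("127.0.0.1", tcp.getsockname()[1]),
            "tcp_closed": probe_tcp("127.0.0.1", _free_port(socket.SOCK_STREAM)),
        }
    finally:
        stop.set()
        t.join()
        for s in (echo, silent, tcp):
            s.close()


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:13s} {state}")
```

The silent UDP socket is the interesting row: it is a real, bound port, yet it is indistinguishable from a port whose ICMP unreachable was dropped by a firewall or swallowed by a dummy DMZ host, so a scanner can only report "open|filtered" (or, loosely, "open"). Real scanners such as nmap -sU use raw sockets and per-protocol payloads; this version only needs the kernel's ICMP error reporting, which a sandbox or host firewall that drops loopback ICMP can hide, turning "closed" into "open|filtered".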
Bill_MI (Bill In Michigan):
Hi Blake. I'm glad you brought up the backwards nature of UDP vs. TCP. I got whacked on this one: this difference completely got me off track when a site (I forget which one) called UDP ports "Open" and I was thinking in the TCP sense all the way.
"Open" was exactly what I wanted. That is, emulating no host is present (same as ashbestush's "unassigned").
I'm just repeating what you've said, but it can't be emphasized enough. I wonder... if LinkSys changed the UDP behavior because of the way security sites label the behavior?