[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] UDP wide open?!?!?



Mathias Homann wrote:

Hi,


after a nmap run against my 'wall I found ALL ports except one for UDP wide
open!!!

Hi!

The reason for this is the behaviour of udp-Connections and the way nmap handles this.

Nmap tries to establish a connection to the udp-ports for the scan.
Due to the nature of udp (connectionless) nmap just sends the udp-packet und waits
for the RST-Packet returned in "normal" cases.

The default behaviour of SuSEfirewalls is to drop the packets. Thus nmap doesn't get the RST-Packet it is waiting for and assumes the port is open und has a listener.

You have two choices:

1.) Change the behaviour of the SuSEfirewall from Drop to Reject.
2.) Believe in SuSE :)

Regards

Ralf Schumacher




--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here