Hi, On Thu, 08 Nov 2018 at 19:52:01 -0500, Moshe Piekarski wrote: > The function udptest() reports a successfull connection even when my > machine is not connected to anything. > The same thing happens if the server is configured not to return > connection refused (try nc -vu google.com 6789)
FWIW nc.traditional does the same:
$ nc.traditional -vu -q0 1.1.1.1 12345 </dev/null
one.one.one.one [1.1.1.1] 12345 (?) open
$ nc.traditional -vuz 1.1.1.1 12345
one.one.one.one [1.1.1.1] 12345 (?) open
And so does nmap to some extent:
$ nmap -sU -p 12345 1.1.1.1
[…]
PORT STATE SERVICE
12345/udp open|filtered italk
UDP being connection-less, there is no way to tell *at the transport
layer* whether the port is open or filtered. (nmap can do better job
because it works at the application layer, so when trying to scan UDP/53
it'll try to speak DNS to check whether there is really a service
listening on that port; and similarly for other ports associated with a
protocol it knows.)
So udptest() intentionally succeeds whenever the writes weren't rejected
(for instance because an ICMP “destination unreachable” message was
received). Can't do better at the transport level, can we?
Cheers,
--
Guilhem.
signature.asc
Description: PGP signature
