Hi, On Thu, 08 Nov 2018 at 19:52:01 -0500, Moshe Piekarski wrote: > The function udptest() reports a successfull connection even when my > machine is not connected to anything. > The same thing happens if the server is configured not to return > connection refused (try nc -vu google.com 6789)
FWIW nc.traditional does the same: $ nc.traditional -vu -q0 1.1.1.1 12345 </dev/null one.one.one.one [1.1.1.1] 12345 (?) open $ nc.traditional -vuz 1.1.1.1 12345 one.one.one.one [1.1.1.1] 12345 (?) open And so does nmap to some extent: $ nmap -sU -p 12345 1.1.1.1 […] PORT STATE SERVICE 12345/udp open|filtered italk UDP being connection-less, there is no way to tell *at the transport layer* whether the port is open or filtered. (nmap can do better job because it works at the application layer, so when trying to scan UDP/53 it'll try to speak DNS to check whether there is really a service listening on that port; and similarly for other ports associated with a protocol it knows.) So udptest() intentionally succeeds whenever the writes weren't rejected (for instance because an ICMP “destination unreachable” message was received). Can't do better at the transport level, can we? Cheers, -- Guilhem.
signature.asc
Description: PGP signature