This actually makes a lot of sense.  Based on the RFCs, a closed UDP port
should respond with an ICMP port unreachable (Type 3 Code 3).  An open UDP
port will not respond.  If a gateway is preventing ICMP 3/3 from the scanned
system to the nmap host, nmap will assume the UDP port is open.

I hope this helps explain your results.

-Rob.




                                                                                       
                                                
From:     GVB <[EMAIL PROTECTED]>
Sent by:  owner-nessus@list.nessus.org
Date:     05/13/2002 04:45 PM
To:       GVB <[EMAIL PROTECTED]>
cc:       Michel Arboi <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject:  Re: more info on nessus problems..
                                                
                                                                                       
                                                
                                                                                       
                                                




Now I am really confused... a scan of another host using the same syntax
doesn't report every udp port being open.

Could this have to do with a firewall in front of the machine??

Should I be asking these questions on the nmap list?

-gvb

On Mon, 13 May 2002, GVB wrote:

> Interesting...  I double checked myself this morning and ran nmap with
> the exact same syntax as nessus does, and nmap IS reporting that all UDP
> ports are open.  (I had previously said that nmap was returning the
> correct results.. I was mistaken.)
>
> So what could the problem be?
>
> This is nmap V. 2.54BETA32, going to go grab the latest..
>
> Any other ideas?
>
> -gvb
>
> On 12 May 2002, Michel Arboi wrote:
>
> > GVB <[EMAIL PROTECTED]> writes:
> >
> > > I am running nmap to scan 65535 ports, both UDP and TCP, and for
> > > some reason when I run nmap, it comes back and says that ALL 65535
> > > UDP ports are open.
> >
> > I suppose that the problem comes from nmap. That's odd. Anyway if all
> > your UDP ports are filtered you do not need to scan them.
> > Just disable the UDP scan option.
> >
> > > When I run nmap outside of nessus, it doesn't report all the UDP
> > > ports as being open.
> >
> > Do you run it with the same options?
> > Note that when you run a long nmap scan, it is a good idea to save it
> > to a file (copy&paste or nmap -oN) and import it into Nessus.
> >
> > > Problem with the way nessus is importing the data from nmap?
> >
> > I've never seen this.
> >
> >
>
>
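
The inference discussed in this thread, as an added example that is not part of the original messages or of nmap's or Nessus's code: it compares the "no ICMP 3/3 means open" reading with a classification that treats silence as ambiguous and flags a scan where every probe went unanswered. The reply encoding, function names and both sample hosts are constructed for illustration.

```python
from collections import Counter

PORT_UNREACHABLE = (3, 3)  # ICMP type 3, code 3

def classify(reply):
    """Map one probe's reply to a port state.

    reply is "udp" (a UDP datagram came back), an (icmp_type, icmp_code)
    tuple, or None when nothing was received before the timeout.
    """
    if reply == "udp":
        return "open"
    if reply == PORT_UNREACHABLE:
        return "closed"
    if reply is None:
        return "open|filtered"   # silence alone cannot tell the two apart
    return "filtered"            # some other ICMP error came back

def naive_open_ports(observations):
    """The inference from the thread: no ICMP 3/3 means the port is open."""
    return sorted(p for p, r in observations.items() if r != PORT_UNREACHABLE)

def summarize(observations):
    """Return per-state counts and whether ICMP filtering is suspected."""
    counts = Counter(classify(r) for r in observations.values())
    # If every probe was met with silence, the absence of ICMP 3/3 carries no
    # information: a gateway dropping ICMP gives exactly this picture.
    suspect = bool(observations) and counts["open|filtered"] == len(observations)
    return counts, suspect

# Constructed observations for ports 1-1024 on two hypothetical hosts.
PORTS = range(1, 1025)
direct_host = {p: PORT_UNREACHABLE for p in PORTS}
direct_host[53] = "udp"    # service answered the probe
direct_host[514] = None    # service listening but silent
firewalled_host = {p: None for p in PORTS}  # gateway drops all ICMP 3/3

if __name__ == "__main__":
    for name, obs in (("direct", direct_host), ("firewalled", firewalled_host)):
        counts, suspect = summarize(obs)
        print(name, len(naive_open_ports(obs)), dict(counts), suspect)
```
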




