Portscan and open UDP ports
Scanning UDP ports is very different from scanning TCP: you may or may not get any result back from probing a UDP port, because UDP is a connectionless protocol.
The SG portscan technique is to send 0-byte UDP packets to each port on the target machine. If we receive an "ICMP Port Unreachable" message, then the port is closed. If a UDP response is received to the probe (unusual), the port is open. If we get no response at all, the state is "open|filtered", meaning that the port is either open or packet filters are blocking the communication.
ISPs can filter some UDP ports (your ISP kills the port probe before it gets to you), in which case the scan never gets the "ICMP Port Unreachable" back and the port remains in the open|filtered state.
Our portscan also keeps track of the number of UDP ports that don't reply with "ICMP Port Unreachable" and after scanning a large enough number (25+) of UDP ports it can make a reasonable determination whether some packet filtering is in play and ports are actually being filtered.
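The classification and the 25+ port heuristic described above, as an added example that is not the SG portscan's own code. The observation names, the 0.9 silent ratio and the verdict wording are assumptions; only the three port states and the 25-port minimum come from the text.

```python
from collections import Counter

# What came back after the 0-byte UDP probe to one port (names are assumed).
ICMP_UNREACH = "icmp_port_unreachable"
UDP_REPLY = "udp_reply"
SILENT = "no_response"

MIN_SAMPLE = 25  # the text's "large enough number (25+)" of probed ports


def classify(observation):
    """Map a single probe result to the port state described in the text."""
    if observation == ICMP_UNREACH:
        return "closed"
    if observation == UDP_REPLY:
        return "open"
    if observation == SILENT:
        return "open|filtered"
    raise ValueError(f"unknown observation: {observation!r}")


def assess(results, silent_ratio=0.9):
    """results: {port: observation}. Returns (states, verdict).

    Assumed rule: with 25+ ports probed, if nearly all of them stayed
    silent, the silence says nothing about individual ports and a packet
    filter is likely; if most ports answered "closed", the few silent
    ones stand out as open or selectively filtered.
    """
    states = {port: classify(obs) for port, obs in results.items()}
    counts = Counter(states.values())
    total = len(states)
    if total < MIN_SAMPLE:
        verdict = "insufficient sample"
    elif counts["open|filtered"] / total >= silent_ratio:
        verdict = "filtering likely"
    else:
        verdict = "silent ports are open or selectively filtered"
    return states, verdict


# Constructed sample: 40 ports, one replies, three stay silent, rest closed.
host_a = {p: ICMP_UNREACH for p in range(100, 140)}
host_a.update({123: UDP_REPLY, 137: SILENT, 138: SILENT, 139: SILENT})
# Constructed sample: 30 ports, nothing ever comes back.
host_b = {p: SILENT for p in range(100, 130)}
```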
Some ISPs, such as some subnets of the Mediaone/AT&T RoadRunner networks, filter UDP traffic on NetBIOS ports (137, 138, 139); others may filter UDP traffic on port 31337 (as nothing good ever rode into town on that Back Orifice port).
UDP scanning can also be painfully slow since most hosts implement a suggestion in RFC 1812 (section 4.3.2.8) of limiting the ICMP error message rate.