The Broadband Guide
search advanced
FAQs Categories:

Portscan and open UDP ports

Scanning UDP ports is very different than scanning TCP - you may, or may not get any result back from probing an UDP port as UDP is a connectionless protocol.

The SG portscan technique is to send 0 byte UDP packets to each port on the target machine. If we receive an "ICMP Port Unreachable" message, then the port is closed. If an UDP response is received to the probe (unusual), the port is open. If we get no response at all, the state is "open|filtered", meaning that the port is either open or packet filters are blocking the communication.

ISPs can filter some UDP ports (your ISP kills the port probe before it gets to you), and the scan does not get the "ICMP Port Unreachable" back, remaining in the open|filtered state.

Our portscan also keeps track of the number of UDP ports that don't reply with "ICMP Port Unreachable" and after scanning a large enough number (25+) of UDP ports it can make a reasonable determination whether some packet filtering is in play and ports are actually being filtered.

Some ISPs filter UDP traffic on Netbios ports (137, 138, 139), such as some subnets of Mediaone/AT&T RoadRunner networks, others may filter UDP traffic on port 31337 (as nothing good ever rode into town on that Black Orifice port).

UDP scanning can also be painfully slow since most hosts implement a suggestion in RFC 1812 (section of limiting the ICMP error message rate.

  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About