Results 1 to 6 of 6

Thread: Interesting Nmap report

  1. #1

    Interesting Nmap report

    Hey all,

    I just downloaded and installed Nmap for Windows 2000 (I'm at work ) so that I could scan my network at home... Well the normal SYN stealth scan came back as expected, but then I decided to do a UDP scan... EVRYTHING was open . What does that mean? Does that mean that my router just doesn't block UDP traffic? And also just because they are open doesn't mean anything right? They should show a status of Listening before I start to worry right?

  2. #2
    Senior Member
    Join Date
    Apr 2002

    Re:Interesting Nmap report

    That's interesting. what type of router do you have?

    Are you running, Norton Personal firewall? I remember using superscan and scanning machines when the firewall was on and it came up with all kinds of bogus responses.

    Have you checked your router's virtual hosts settings. you could possibly have a range of UDP ports pointing to some bogus internal machine.

  3. #3

    Re:Interesting Nmap report

    I'm using a Netgear MR314(I think thats the model), cable router w/ wireless. I am also running Norton Firewall on my Windows box behind the router. I'll have to check those settings at home sometime.

    Thanx for the help/reply!

  4. #4

    Re:Interesting Nmap report

    Whenever I nmap any of my Win2k hosts, especially my domain controllers, I get a billion open upd ports, even on new installs. As far as I can tell, there is nothing running on them, since my firewalls would have logged all outgoing upd traffic and my nessus audits turn up nothing unusaly on those ports. I could, however, be wrong and have a million backdoors running on all my boxes, but I would like to doubt that possibility as it is frightening.

    As for your router, unless it is also a firewall, it will pass all layer three traffic unless it is broadcast or multicast-based (this includes udp).

  5. #5
    Junior Member
    Join Date
    May 2001

    Re:Interesting Nmap report

    Nmap will tell you an udp port is open unless it receives a port closed message, thanks to the connectionless nature of udp ports. This is normal. One of many reasons that udp port scanning has been called more of an art than a science. Don't worry too much about those open ports, unless you actually find something listening on your box.

    A netstat -anu should show all listening udp ports.

  6. #6

    Re:Interesting Nmap report

    That is normal behavior for UDP unless your running a service on that port that sends a rejected reply (confirming the last post).

Similar Threads

  1. Sendmail Log Analysis Report
    By kdnyazema in forum Tutorials
    Replies: 2
    Last Post: 12-20-2011, 02:07 AM
  2. Report to moderator?
    By in forum Announcements and Suggestions
    Replies: 9
    Last Post: 01-03-2003, 11:05 AM
  3. nmap help
    By mcdougrs in forum Linux - General Topics
    Replies: 2
    Last Post: 08-09-2002, 05:43 PM
  4. Output of a nmap of my OpenBSD firewall
    By in forum General Chat
    Replies: 8
    Last Post: 04-16-2002, 03:34 PM
  5. Nmap for script kiddies?
    By kenshi in forum General Chat
    Replies: 10
    Last Post: 12-25-2001, 11:42 PM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts