FAQ RevisionsEditors: Mike See Profile, KeysCapt See Profile
Last modified on 2004-02-01 21:05:13

3.0 Results

· I have a firewall, but the scan shows my UDP ports are open. Why?
· Why do I show UDP ports open, when I BLOCKED them?
· Can I see an example of a scan report?
· Why is it good practice to re-scan?
· Why is port 113 open?

I have a firewall, but the scan shows my UDP ports are open. Why?

When a probe (scan) is sent to a UDP port there are two possible responses, "open" and "closed".

Normally, a closed UDP port responds to an incoming packet by returning an "ICMP unreachable" message. Many port scanners depend on this message to list the port as "closed". Some firewall programs "absorb" the UDP packet before it ever reaches the UDP port, so no "ICMP unreachable" message is sent. In a case like this the scanner is fooled and thinks the port is "open", when it actually may be closed.

One way to tell if your firewall is exhibiting this behavior is to scan a large number of your UDP ports. Since it's impossible for your system to have several thousand ports open at once, if a UDP scan tells you they are, chances are it's your firewall doing its job.

Why do I show UDP ports open, when I BLOCKED them?

A UDP scan works by inferring state:

• If a UDP port is probed and a PORT UNREACHABLE packet comes back, the port is marked as closed.
• If a UDP port is probed and nothing comes back, it is marked as open.

If you block only certain UDP ports, then strangely, you appear to have those ports open to a scanner. It is better to simply block response from ANY and ALL UDP ports. That way, you are not giving away any information at all.
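The two answers above describe the same inference rule from two sides, so here is one added example (it is not part of the original FAQ and not code from the secure-me scanner) that simulates it on constructed data. A hypothetical `Host` models three firewall behaviours: the stack answers closed ports with ICMP Port Unreachable, the firewall absorbs every probe, or the firewall absorbs only selected ports. `scan()` applies the scanner's rule (unreachable means closed, silence means open), `interpret()` applies the "thousands of open ports means it is the firewall" sanity check, and `leaked_ports()` shows what a selective block gives away. Port numbers, host names and the 1..1024 range are all constructed for the example; nothing touches the network.

```python
from dataclasses import dataclass, field

PORT_RANGE = range(1, 1025)   # constructed: probe the low UDP ports


@dataclass
class Host:
    """A simulated target. Names, ports and policies are constructed for this example."""
    name: str
    listening: set               # UDP ports with a real service behind them
    policy: str                  # "reject", "drop_all" or "drop_some"
    silenced: set = field(default_factory=set)   # ports absorbed under "drop_some"

    def probe(self, port: int):
        """Reply a single UDP probe to `port` produces, or None for silence."""
        if port in self.listening:
            return None                     # a real service consumes the datagram quietly
        if self.policy == "drop_all":
            return None                     # firewall absorbs every probe
        if self.policy == "drop_some" and port in self.silenced:
            return None                     # firewall absorbs only the selected ports
        return "ICMP_PORT_UNREACHABLE"      # stack answers for a genuinely closed port


def scan(host: Host, ports=PORT_RANGE) -> dict:
    """Scanner inference from the FAQ: unreachable -> closed, silence -> open."""
    return {p: ("closed" if host.probe(p) == "ICMP_PORT_UNREACHABLE" else "open")
            for p in ports}


def open_ports(report: dict) -> set:
    """Ports the scanner reported as open (i.e. that produced no ICMP reply)."""
    return {p for p, state in report.items() if state == "open"}


def interpret(report: dict, threshold: float = 0.9) -> str:
    """The FAQ's sanity check: if nearly every probed port looks open, a
    firewall is absorbing probes and the per-port result means nothing."""
    opened = open_ports(report)
    if len(opened) >= threshold * len(report):
        return "firewall absorbing all probes; per-port results carry no information"
    return f"{len(opened)} port(s) gave no ICMP reply: {sorted(opened)}"


def leaked_ports(host: Host) -> set:
    """Ports a scanner can single out without any service being there: the
    information a selective block gives away (empty for reject and drop_all
    once the sanity check is applied, since drop_all marks everything alike)."""
    return open_ports(scan(host)) - host.listening


if __name__ == "__main__":
    hosts = [
        Host("reject-closed", {53, 123}, "reject"),
        Host("drop-all", {53, 123}, "drop_all"),
        Host("drop-some", {53, 123}, "drop_some", silenced={137, 138, 139}),
    ]
    for h in hosts:
        print(h.name, "->", interpret(scan(h)))
        print("   ports the firewall singles out:", sorted(leaked_ports(h)))
```

The `drop-some` host is the case the second answer warns about: the scanner cannot see any service on 137-139, yet those three ports stand out from the other closed ports purely because the firewall treats them differently. The `drop-all` host shows the opposite: every port looks the same, and the only conclusion a reader can draw is the one `interpret()` prints.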

Can I see an example of a scan report?
There is an example scan result report available from the link at the top of each secure-me page called 'example scan'.

Why is it good practice to re-scan?
To ensure that your security profile does not change over time, re-scans are recommended as good practice. Since computers may get re-installed, reconfigured, or upgraded, new loopholes may open up without you being aware of it, especially if the loopholes are only visible from outside.

Why is port 113 open?
Port 113 is often left visible by firewalls since 113 is the IDENT port.

IDENT is used when you connect to mail servers, or to IRC servers, to find out "who" is using the service. With IDENT filtered, your ISP mail server (unlikely) or IRC server (likely) may refuse your request or take a long time to respond as it waits for a closed/open response.

It is possible to stop IDENTD from showing up as an open port by reconfiguring your firewall to override the default rules. As above, if IDENTD is filtered in this way, IRC and mail servers may not work properly.

You can also decide that IDENTD is safe, since just having it visible does not mean there is anything that can be exploited on your side, and live with the less than "perfect" results.


8th year online! © 1999-2008 dslreports.com.