06-20-2014
Actually, nmap listens to ICMP during UDP scans primarily for ICMP unreachable messages. In theory, if you reach the system with a UDP packet, but the port the packet is addressed to is not listening, the system should discard the UDP packet and send an ICMP unreachable to the sender. The app can't see these messages, but an alert system administrator will notice them (remember we're talking theory here).
This User Gave Thanks to Perderabo For This Post:
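The post above notes that an alert administrator will notice the ICMP unreachables a UDP scan provokes. As an added example (not part of the original post), this sketch flags remote hosts that drew port unreachables for many distinct ports in a short window, reading numeric `tcpdump -nn` style lines; the sample lines, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Outbound ICMP port unreachable as printed by tcpdump with numeric output:
#   HH:MM:SS.us IP <us> > <prober>: ICMP <us> udp port <N> unreachable, length L
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>[^:\s]+): "
    r"ICMP (?P<host>\S+) udp port (?P<port>\d+) unreachable"
)

def find_udp_scanners(lines, min_ports=5, window=timedelta(seconds=10)):
    """Return {prober_ip: sorted closed ports} for hosts that drew port
    unreachables for at least min_ports distinct ports within window."""
    hits = defaultdict(list)  # prober -> [(time, port), ...]
    for line in lines:
        m = LINE.match(line.strip())
        if m:  # anything that is not a UDP port unreachable is skipped
            ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
            hits[m["dst"]].append((ts, int(m["port"])))
    flagged = {}
    for prober, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_ports:
                flagged[prober] = sorted({p for _, p in events})
                break
    return flagged

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = """\
12:00:01.000100 IP 192.0.2.10 > 198.51.100.7: ICMP 192.0.2.10 udp port 53 unreachable, length 36
12:00:01.300200 IP 192.0.2.10 > 198.51.100.7: ICMP 192.0.2.10 udp port 67 unreachable, length 36
12:00:01.600300 IP 192.0.2.10 > 198.51.100.7: ICMP 192.0.2.10 udp port 123 unreachable, length 36
12:00:01.900400 IP 192.0.2.10 > 198.51.100.7: ICMP 192.0.2.10 udp port 161 unreachable, length 36
12:00:02.200500 IP 192.0.2.10 > 198.51.100.7: ICMP 192.0.2.10 udp port 500 unreachable, length 36
12:00:02.500600 IP 192.0.2.10 > 198.51.100.7: ICMP 192.0.2.10 udp port 514 unreachable, length 36
12:00:03.000000 IP 192.0.2.10 > 203.0.113.5: ICMP 192.0.2.10 udp port 33434 unreachable, length 36
12:00:03.100000 IP 192.0.2.10 > 203.0.113.9: ICMP echo reply, id 1, seq 1, length 64
"""

if __name__ == "__main__":
    print(find_udp_scanners(SAMPLE.splitlines()))
```

On a host that suppresses ICMP port unreachables for closed UDP ports, these messages are never sent, so this signal is absent from a capture.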
BLACKHOLE(4) BSD Kernel Interfaces Manual BLACKHOLE(4)
NAME
blackhole -- a sysctl(8) MIB for manipulating behaviour in respect of refused TCP or UDP connection attempts
SYNOPSIS
sysctl net.inet.tcp.blackhole[=[0 | 1 | 2]]
sysctl net.inet.udp.blackhole[=[0 | 1]]
DESCRIPTION
The blackhole sysctl(8) MIB is used to control system behaviour when connection requests are received on TCP or UDP ports where there is no socket listening.
Normal behaviour, when a TCP SYN segment is received on a port where there is no socket accepting connections, is for the system to return a RST segment, and drop the connection. The connecting system will see this as a ``Connection refused''. By setting the TCP blackhole MIB to a numeric value of one, the incoming SYN segment is merely dropped, and no RST is sent, making the system appear as a blackhole. By setting the MIB value to two, any segment arriving on a closed port is dropped without returning a RST. This provides some degree of protection against stealth port scans.
In the UDP instance, enabling blackhole behaviour turns off the sending of an ICMP port unreachable message in response to a UDP datagram which arrives on a port where there is no socket listening. It must be noted that this behaviour will prevent remote systems from running traceroute(8) to a system.
The blackhole behaviour is useful to slow down anyone who is port scanning a system, attempting to detect vulnerable services on a system. It could potentially also slow down someone who is attempting a denial of service attack.
WARNING
The TCP and UDP blackhole features should not be regarded as a replacement for firewall solutions. Better security would consist of the blackhole sysctl(8) MIB used in conjunction with one of the available firewall packages.
This mechanism is not a substitute for securing a system. It should be used together with other security mechanisms.
SEE ALSO
ip(4), tcp(4), udp(4), ipf(8), ipfw(8), pfctl(8), sysctl(8)
HISTORY
The TCP and UDP blackhole MIBs first appeared in FreeBSD 4.0.
AUTHORS
Geoffrey M. Rehmet
BSD January 1, 2007 BSD