Security Basics
UDP question Oct 08 2013 01:10AM
ToddAndMargo (ToddAndMargo zoho com)
Hi All,

I have been reading http://nmap.org/bennieston-tutorial/. In the
section on UDP, he states:

UDP Scanning is not usually useful for most types of attack,
but it can reveal information about services or trojans which
rely on UDP, for example SNMP, NFS, the Back Orifice trojan
backdoor and many other exploitable services.

Most modern services utilise TCP, and thus UDP scanning is
not usually included in a pre-attack information gathering
exercise unless a TCP scan or other sources indicate that
it would be worth the time taken to perform a UDP scan.

I am a bit confused:

1) "unless a TCP scan or other sources indicate". Okay.
How would a UDP port that was open give you any indication
that it was open with a TCP scan?

2) "for example SNMP, NFS, the Back Orifice Trojan backdoor".
Is he talking about a compromised system or a system with
a bunch of poorly thought out services running on it?

3) It is my understanding, that the malicious programs on
a compromised system do not act as a server, meaning they
do not open ports. As I understand it, they communicate
with their evil puppet masters by establishing out going
connections to avoid the firewall. They same way I avoid
firewalls with Go To Assist. Am I wrong here?

Many thanks,
-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus