Tuesday, October 11, 2011

Project 6 - Port Scanning Using UDP


UDP Scan Using nmap

In this lab, you will use the nmap -sU option to perform a UDP scan.


With this scan type, nmap sends 0-byte UDP packets to each port on the target system. Receipt of an ICMPv4 Destination Unreachable/Port Unreachable (Type 3, Code 3) message signifies the port is closed; otherwise it is assumed open.


One major problem with this technique is that when a firewall blocks outgoing ICMPv4 Type 3, Code 3 messages, the port will appear open. These false positives are hard to distinguish from real open ports.


Another disadvantage with UDP scanning is the speed at which it can be performed. Most OSes limit the number of ICMPv4 Type 3, Code 3 messages which can be generated in a certain time period, thus slowing the speed of a UDP scan. nmap adjusts its scan speed accordingly to avoid flooding a network with useless packets.


NOTE: Microsoft OSes do not limit the ICMPv4 Type 3, Code 3 error generation frequency, which makes it easier to scan a Windows machine's 65,535 UDP ports in very little time.

Exercise 1:

1. From a BackTrack shell, type the following (only type what's in bold):
user1@pentest:~# nmap -sU -v target_IP_address > /root/ceh/udpscan
Syntax breakdown:
nmap: program name
-sU: program option for UDP scan
-v: verbose mode
target_IP_address: the IP address of the target system
> /root/ceh/udpscan: redirect the output to a file called udpscan in the /root/ceh directory


2. Examine your results:
user1@pentest:~# cat /root/ceh/udpscan | less


3. Repeat steps #1-2 using different target IP addresses. Compare your results.


4.  Email your results to proflheureux@gmail.com.
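
When you examine and compare the saved results, separate the ports nmap lists as "open" (a UDP reply came back) from those it lists as "open|filtered" (nothing came back, so the port may be open or a firewall may have dropped the ICMPv4 Type 3, Code 3 message). The script below is an added example, not part of the original lab; its sample scan output and the 192.0.2.10 address are constructed, and the function names are made up for illustration.

```sh
#!/bin/sh
# Summarise the port states in saved "nmap -sU" output.
# Usage: sh udpstates.sh /root/ceh/udpscan   (no argument: use the sample)

# Constructed sample in nmap's normal output layout (not a real scan).
sample_scan() {
cat <<'EOF'
Nmap scan report for 192.0.2.10
Not shown: 995 closed ports
PORT     STATE         SERVICE
53/udp   open          domain
123/udp  open|filtered ntp
137/udp  open|filtered netbios-ns
161/udp  open          snmp
514/udp  open|filtered syslog
EOF
}

# count_state STATE: read scan output on stdin, print how many UDP port
# lines are in exactly that state.
count_state() {
    awk -v want="$1" \
        '$1 ~ /^[0-9]+\/udp$/ && $2 == want { n++ } END { print n + 0 }'
}

# list_state STATE: print the port numbers in that state, space separated.
list_state() {
    awk -v want="$1" '$1 ~ /^[0-9]+\/udp$/ && $2 == want {
        split($1, p, "/"); printf "%s%s", sep, p[1]; sep = " "
    } END { print "" }'
}

# summarise: one line per state, so answered ports ("open") are not
# confused with silent ones ("open|filtered").
summarise() {
    scan=$(cat)
    for state in open 'open|filtered' closed; do
        printf '%-14s %s port(s): %s\n' "$state" \
            "$(printf '%s\n' "$scan" | count_state "$state")" \
            "$(printf '%s\n' "$scan" | list_state "$state")"
    done
}

if [ -n "${1:-}" ]; then summarise < "$1"; else sample_scan | summarise; fi
```

Closed ports that nmap collapses into its "Not shown" line are not counted by this script; only ports listed individually are.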


1 comment:

  1. Use this site to convert hostnames to IP addresses:

    http://www.hcidata.info/host2ip.cgi
