As mentioned in many books, including this one, people often forget about UDP. Often, this is partly because the response from scans against UDP services often lies. Return data from tools such as nmap
and scapy
can provide responses for ports that are actually open, but reported as Open|Filtered
.
As an example, research on a host indicates that a TFTP server may be active on it based on the descriptive banner of another service, but scans using nmap
point to the port as open|filtered
.
The following figure, shows the response for the UDP service TFTP as open|filtered, as described preceding, even though it known to be open:
This means that the port may actually be open, but when copious responses show many ports to be represented in this way, you may have less trust in the results. Banner grabbing of each of these ports and protocols may not be possible, as there may be no actual banner to grab. Tools such as scapy...