>> So far, all the scans have involved TCP.However, there are some major protocols that use UDP at layer four instead of TCP.Most notably, DNS and DHCP.The UDP scan probes for such services.The UDP header is greatly simplified from the TCP header.There are no flags at all.There are just four fields in the UDP header: source port, destination port,length of the UDP datagram, and a checksum for error detection.The upper layer data, like DNS and DHCP, is encapsulated in the data portion,which immediately follows the header.The lack of an established communication process like thatof TCP makes UDP scanning much more simplified.If a UDP scan gets an ICMP port unreachable message as a reply,the port is closed, no questions asked.If no response is heard from the UDP scan, we'll label that port as open or filtered.Remember, firewalls that block traffic destined for that machine and port don't allow our scanto reach the machine, so it can't respond.However, open ports can just accept the traffic without sending a response as well,which is why we need to say the port is either open or filtered.There are certain UDP services, though, that might respond with UDP data,and if that happens, we can remove the Boolean OR and say conclusivelythat the port's most definitely open.Lots of malware and spyware open up UDP ports.From a pen testing perspective, we are able to collect valuable informationthat can identify the presence of these unwanted programs on machines.
转载于:https://www.cnblogs.com/sec875/articles/10028387.html
