Nessus UDP Scanner

info Nessus Plugin ID 34277
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

It is possible to determine which UDP ports are open.

Description

This plugin runs a UDP port scan against the target. It is possible to determine which UDP ports are open by sending UDP packets on every port. If the port is open, the application will most often keep quiet.
If the port is closed, the TCP/IP stack may send back an ICMP Host unreachable / bad port packet. However, this is assuming there are no intermediate devices between the scanner and the target. Firewalls often block ICMP, which will prevent responses that identify closed ports. The scanning primarily relies on the absence of a response to identify open ports and in complex environments with many intermediate devices, the detection can often be unreliable.

UDP scanning takes a long time to complete. The scanner must limit the number of concurrent probes because ICMP is often rate limited. Also, since open ports do not respond, the scanner must wait for a timeout period to be reasonably sure that no response will be received.

Given the typical environments being scanned today, the results of this plugin should be thoroughly vetted and be used as weak signals for further investigation. It is likely that a large number of assets will be detected if there are intermediate devices between the scanner and the targets. Consider using the netstat or SNMP port enumeration options instead if possible.

Solution

Protect your target with an IP filter or implement ICMP rate limitation.

Plugin Details

Severity: Info

ID: 34277

File Name: nessus_udp_scanner.nbin

Version: 1.28

Type: remote

Published: 2/4/2009

Updated: 4/20/2021

Dependencies: portscanners_stub.nasl, portscanners_settings.nasl, nessus_tcp_scanner.nbin, nessus_syn_scanner.nbin

Vulnerability Information