Synopsis
It is possible to determine which UDP ports are open.
Description
This plugin runs a UDP port scan against the target. It is possible to determine which UDP ports are open by sending a UDP packet to every port. If the port is open, the application will most often keep quiet.
If the port is closed, the TCP/IP stack may send back an ICMP Host unreachable / bad port packet. However, this assumes there are no intermediate devices between the scanner and the target. Firewalls often block ICMP, which suppresses the responses that identify closed ports. The scan therefore relies primarily on the absence of a response to identify open ports, and in complex environments with many intermediate devices the detection can often be unreliable.
UDP scanning takes a long time to complete. The scanner must limit the number of concurrent probes because ICMP is often rate limited. Also, since open ports do not respond, the scanner must wait for a timeout period to be reasonably sure that no response will be received.
Given the typical environments being scanned today, the results of this plugin should be thoroughly vetted and used as weak signals for further investigation. It is likely that a large number of assets will be detected if there are intermediate devices between the scanner and the targets, since every unanswered probe looks like an open port. Consider using the netstat or SNMP port enumeration options instead if possible.
Solution
Protect your target with an IP filter or implement ICMP rate limitation.
Plugin Details
File Name: nessus_udp_scanner.nbin
Supported Sensors: Nessus