I'm doing portscans on a system I'm working to learn more about securing hosts and setting up iptables. My tcp portscan reported what I expected, only www, ssh and smtp listening. The udp portscan reported a huge list of 'open' ports. I really didn't know what to expect for this scan, so I want to know if this is normal. Just for grins, I removed every udp listing in /etc/services and restarted inetd and the scan came back the same. I figure this is normal, but if someone can confirm this behaviour, I'd really appreciate it.
If this isn't secure behaviour, perhaps I can add an iptables entry like: iptables -A INPUT -p udp -j drop However, I don't have any applications running using udp, so the 'open' port doesn't have anywhere to go, as far as I know. Again, if someone can confirm this, I'd really appreciate it. thanks, jc -- Jeff Coppock Nortel Networks Systems Engineer http://nortelnetworks.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
