All my udp ports appear as open|filtered
-
Hi all,
I'm testing a new installation of pfsense and I'm having some questions with my fw setup. These are my current rules:
https://www.dropbox.com/s/1cbxj85gk5mjkqr/Screenshot%20from%202014-01-20%2012%3A55%3A36.png
The problem is that all udp ports appear as open | filtered with nmap, as for example:
nmap -p 1234 -sU -P0 example.org
Starting Nmap 5.21 ( http://nmap.org ) at 2014-01-20 13:00 CET
Nmap scan report for vpn1.aureka.es (123.123.123.123)
Host is up.
rDNS record for 123.123.123.123: 123.123.123.123.static.user.example.org
PORT STATE SERVICE
1234/udp open|filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 2.27 seconds
Is this usual or a security risk? Could I do something to close all the UDP ports not explicitly open? Thanks in advance!
-
I'm not an expert, but AFAIK UDP, unlike TCP, is a connectionless protocol, while TCP is connection oriented. When a connection is initiated via TCP, the service on the other end will always respond to try to set up the connection. This behaviour of TCP enables programs like NMAP to see who's answering the TCP doors after it has knocked on them.
UDP on the other hand simply accepts packets with no reply back. While this is better for performance (less overhead) it's not so good for reliability because with every UDP packet we send we have no way of knowing if it's actually getting where we want it to. This protocol is normally used for streaming media where performance is key and dropped packets here and there are no big deal.
OK, now with that in mind, NMAP has no way to know if there's someone answering the UDP door because there's no response (as one would expect). The NMAP output there says "open|filtered", which means: might be open, might not be.
All in all normal behaviour and nothing to worry about.
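Added example, not part of either post above, showing what nmap's UDP states actually hinge on: `nmap -sU` marks a port "open" if a UDP datagram comes back, "closed" if the target answers with ICMP port unreachable, "filtered" for other ICMP unreachable types, and "open|filtered" when nothing at all comes back within the timeout. The script reproduces that classification against three sockets it creates itself on the loopback interface (a silent listener, an echoing listener, and a port that nothing is bound to); the listener code, port choices and the `udp_probe` helper are my own and assume a Linux or macOS host where ICMP errors for loopback traffic are delivered to a connected UDP socket.

```python
import errno
import socket
import threading

# Mirrors the states nmap -sU reports for a single probe.
OPEN, CLOSED, FILTERED, OPEN_FILTERED = "open", "closed", "filtered", "open|filtered"


def udp_probe(host, port, payload=b"", timeout=1.0):
    """Send one datagram and classify the port the way nmap -sU does.

    A connected UDP socket is used on purpose: the kernel then hands us the
    ICMP port-unreachable that a closed port provokes, instead of silently
    discarding it. An empty payload mirrors nmap's generic probe for ports
    it has no protocol-specific payload for (assumption: plain, not raw, socket).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        s.send(payload)
        s.recv(1024)                 # any datagram back proves something is listening
        return OPEN
    except socket.timeout:
        return OPEN_FILTERED         # silence: open-and-quiet or dropped by a firewall
    except (ConnectionRefusedError, ConnectionResetError):
        return CLOSED                # ICMP type 3 code 3 (Windows surfaces it as a reset)
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return FILTERED          # other ICMP unreachable codes
        raise
    finally:
        s.close()


def silent_listener():
    """A bound UDP socket that, like most real services fed junk, never replies."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))         # port 0: the OS picks a free ephemeral port
    return s


def echo_listener():
    """A bound UDP socket that echoes the first datagram back to its sender."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))

    def serve():
        data, peer = s.recvfrom(1024)
        s.sendto(data, peer)

    threading.Thread(target=serve, daemon=True).start()
    return s


def unused_port():
    """Bind-then-release to obtain a port nothing is listening on (constructed test target)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Probe all three constructed targets and return {name: nmap-style state}."""
    quiet, echo = silent_listener(), echo_listener()
    try:
        return {
            "silent": udp_probe("127.0.0.1", quiet.getsockname()[1]),
            "echo": udp_probe("127.0.0.1", echo.getsockname()[1]),
            "closed": udp_probe("127.0.0.1", unused_port()),
        }
    finally:
        quiet.close()
        echo.close()


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:>7}: {state}")
```

The practical point for the original question: the "closed" verdict depends on the target sending ICMP port unreachable back. A firewall rule that silently drops the probe instead of rejecting it produces exactly the same silence as an open-but-quiet service, so every blocked UDP port shows up as open|filtered; that is the expected result for a default-drop policy, not a sign the ports are reachable.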