Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
An attacker sends a UDP datagram to the remote host to determine if the host is alive. If a UDP datagram is sent to an open UDP port there is very often no response, so a typical strategy for using a UDP ping is to send the datagram to a random high port on the target. The goal is to solicit an ICMP port unreachable message from the target, indicating that the host is alive. UDP pings are useful because some firewalls are not configured to block UDP datagrams sent to strange or typically unused ' ports, like ports in the 65K range. Additionally, while some firewalls may filter incoming ICMP, weaknesses in firewall rule-sets may allow certain types of ICMP (host unreachable, port unreachable) which are useful for UDP ping attempts. A UDP Ping has the following characteristics:
Target Attack Surface Description
Targeted OSI Layers: Network Layer
Target Attack Surface Localities
Target Attack Surface Types: Host
The ability to craft custom UDP Packets for use during network reconnaissance. UDP pings can be performed via the use of a port scanner or by raw socket manipulation using a scripting or programming language. Packet injection tools are also useful for this purpose. Depending upon the technique used it may also be necessary to sniff the network in order to see the response.
[R.298.1] [REF-20] Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". Chapter 2: Scanning, pg. 47. 6th Edition. McGraw Hill. 2009.
[R.298.2] [REF-27] J. Postel. "RFC768 - User Datagram Protocol". August 28, 1980. <http://www.faqs.org/rfcs/rfc768.html>.
[R.298.3] [REF-28] Mark Wolfgang. "Host Discovery with Nmap". November 2002. <http://nmap.org/docs/discovery.pdf>.
[R.298.4] [REF-22] Gordon "Fyodor" Lyon. "Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning". Section 3.6.3 TCP UDP Ping, pg. 63. 3rd "Zero Day" Edition,. Insecure.com LLC, ISBN: 978-0-9799587-1-7. 2008.
More information is available — Please select a different filter.