How does Cisco ASA handle UDP pen-test scans?

Ralphy006
Level 1

Hi guys,

I have a Cisco ASA being pen-tested.

A bunch of UDP ports are showing as "open." UDP scans are tricky per: https://community.qualys.com/docs/DOC-1185

"Scanning UDP ports is more inference-based, since it does not rely on acknowledgements from the remote host like TCP does, but instead collects all ICMP errors the remote host sends for each closed port.  Therefore, closed ports are detected by the presence of ICMP response packets, open ports are detected by the lack of response packets."

I'm guessing the ASA drops the UDP packet and does NOT give an ICMP error response.

Can anyone confirm this?
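The inference described in the quoted passage can be reproduced on loopback. The following is an added example, not part of the original post: it probes a closed port, a bound socket that never answers (standing in for any service or device that stays silent), and a socket that replies. The function names `probe_udp` and `demo` are hypothetical, and it assumes the local stack returns ICMP port unreachable for closed UDP ports, as Linux does on 127.0.0.1.

```python
import socket
import threading

def probe_udp(host, port, timeout=0.5):
    """Classify one UDP port the way a scanner infers it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))   # connected socket: kernel surfaces ICMP errors
        s.send(b"\x00")
        s.recv(1024)
        return "open"             # a datagram came back
    except ConnectionRefusedError:
        return "closed"           # ICMP port unreachable was received
    except socket.timeout:
        return "open|filtered"    # silence: open service or silent drop
    finally:
        s.close()

def _bound_socket():
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    return sock, sock.getsockname()[1]

def _reply_once(sock):
    _, peer = sock.recvfrom(1024)
    sock.sendto(b"pong", peer)

def demo():
    """Probe three constructed loopback targets and return the verdicts."""
    results = {}
    tmp, closed_port = _bound_socket()
    tmp.close()                                   # nothing listens here now
    results["closed"] = probe_udp("127.0.0.1", closed_port)

    silent, silent_port = _bound_socket()         # bound, never answers
    results["silent"] = probe_udp("127.0.0.1", silent_port)
    silent.close()

    svc, svc_port = _bound_socket()               # answers one datagram
    t = threading.Thread(target=_reply_once, args=(svc,), daemon=True)
    t.start()
    results["replying"] = probe_udp("127.0.0.1", svc_port)
    t.join(1)
    svc.close()
    return results

if __name__ == "__main__":
    for target, verdict in demo().items():
        print(f"{target:9s} -> {verdict}")
```

The silent target is reported as `open|filtered` even though nothing useful is listening, which is why a scan report that lists such ports as "open" needs a second check against the device's own logs or packet captures.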
