UDP ports blocked... Or are they?

Wed, 4 Jul 2001 03:42:14 +1000

Hi,

When doing some scans of my firewall with nmap using this command: nmap -sU -p
1-100 -O xxx.xxx.xxx.xxx So basically just a udp scan.

I see a heap of logs similar to the following in my logs.

July kernel: IPT IN_DROP: IN=eth0 LEN=328 TOS=0x00 PREC=0x00 TTL=50 ID=56753
PROTO=UDP SPT=42328 DPT=51 LEN=308 

but nmap reports:

Port       State       Service
1/udp      open        tcpmux                  
2/udp      open        compressnet             
3/udp      open        compressnet             
4/udp      open        unknown                 
5/udp      open        rje                     
6/udp      open        unknown                 
7/udp      open        echo                    

etc...

Can someone explain what is going on. Iptables tells me it's dropping the
packets but nmap says that those ports are open not filtered?

thanks,
Brett