Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Port scans are easy to run and have few disadvantages. This type of scan usually does not negatively affect the network, but scans help attackers take steps to discover and exploit any known vulnerabilities for those services.
The system might change the risk score for this detection.
Kill Chain
Risk Score
60
An attacker initiates a UDP port scan to search for services that are listening on open UDP ports. Port scans are a common form of reconnaissance. First, an attacker sends a UDP datagram to many ports on a network. The attacker can then ignore closed ports that returned an ICMP unreachable error. UDP scans are considered to be less informative than TCP scans, but they can reveal common services that communicate over UDP, such as DNS, SNMP, or DHCP. Tools for performing such scans are widely available, including the popular Nmap Security Scanner.
Disable unnecessary services that communicate over UDP
Place devices that must communicate over UDP behind a firewall that restricts inbound and outbound traffic to authorized hosts
Monitor unusual instances of UDP traffic between hosts to mitigate additional UDP scans
