Overview
You are getting a 'UDP scan is not reliable on this machine' error in the scanning job details.
Solution
UDP is a connectionless protocol: when a UDP packet is sent to a port that is OPEN, the receiving computer does not send anything back to confirm receipt. If the target port is NOT OPEN, the target machine responds with an ICMP Destination Port Unreachable packet. Therefore, the standard way UDP scanners determine that a port is OPEN is the absence of an ICMP Destination Port Unreachable response. GFI LanGuard works the same way.
That means that anything that interferes with the ICMP packets would cause a scanner to think all ports are open and produce false positives. Therefore, before beginning its UDP scan, GFI LanGuard tries to determine whether UDP scanning is reliable on the machine.
To accomplish this, LanGuard first scans 25 randomly chosen ports in the range of 30000 – 65035. Since it is statistically unlikely that more than one of these ports is open, LanGuard should receive ICMP packets back on most of these attempts. If more than one attempt returns nothing, LanGuard declares that UDP port scanning is unreliable and reports the error in the scan result, saying 'UDP scan is not reliable on this machine'.
This can happen for the following reasons:
- The ICMP packets are blocked by a firewall between the scanned machine and LanGuard.
- An IDS or other security system prevents the client from sending an ICMP response.
- The ICMP packets do not arrive before the UDP timeout expires. In this case, the UDP timeout can be changed from the Scanning Profiles Editor > Scanner Options > UDP port scan query timeout.
- Another frequent cause of unreliable UDP port scanning is the Windows Vista and Windows 7 TCP/IP stack, which does not send back all of the expected ICMP Destination Port Unreachable packets (this is a security measure in the Windows operating system). In this case, only an Agent can perform a reliable scan of open UDP ports.
In other words, this error usually reflects a security measure in your environment and informs you that the UDP port scan results will not be reliable. You can remove the blocks, ignore the error, or disable UDP scanning in the Scanning Profile.
The accuracy of the LanGuard UDP scan can be checked by locating the list of generated random UDP ports in the scanning debug logs and then testing those ports on the target machine from the LanGuard server with Nmap or netcat.
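The reliability heuristic described above, written out as an added Python example (not GFI's code): pick 25 random ports in the 30000 to 65035 range, probe each once, and declare the UDP scan unreliable when more than one probe goes silent. It assumes a Linux or Windows host, where an incoming ICMP Destination Port Unreachable surfaces on a connected UDP socket as a connection-refused/reset error; the decision function is kept separate so you can also feed it the per-port outcomes you observe with Nmap or netcat.

```python
import random
import socket

# Parameters as described in the article
PORT_RANGE = (30000, 65035)   # random probe ports are drawn from this range
PROBE_COUNT = 25              # random ports probed before the real UDP scan
MAX_SILENT = 1                # more than one silent probe => scan unreliable
TIMEOUT_S = 1.0               # stands in for the "UDP port scan query timeout"


def choose_probe_ports(count=PROBE_COUNT, rng=random):
    """Pick `count` distinct random ports from PORT_RANGE."""
    low, high = PORT_RANGE
    return sorted(rng.sample(range(low, high + 1), count))


def probe_udp_port(host, port, timeout=TIMEOUT_S):
    """Send one empty UDP datagram and classify the outcome.

    'unreachable': ICMP Port Unreachable came back (port closed).
    'answered':    a UDP service replied (port open).
    'silent':      nothing within the timeout (open, or ICMP lost/blocked).
    Assumption: on a *connected* UDP socket, Linux reports the ICMP as
    ConnectionRefusedError and Windows as ConnectionResetError on recv().
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        s.send(b"")  # empty payload, like a plain UDP probe
        try:
            s.recv(512)
            return "answered"
        except (ConnectionRefusedError, ConnectionResetError):
            return "unreachable"
        except socket.timeout:
            return "silent"


def udp_scan_reliable(results, max_silent=MAX_SILENT):
    """Apply the article's rule to a {port: outcome} mapping.

    Returns (reliable, silent_count). Ports that answered are genuinely
    open and do not count against reliability; only silent probes do.
    """
    silent = sum(1 for outcome in results.values() if outcome == "silent")
    return silent <= max_silent, silent


def check_host(host, timeout=TIMEOUT_S):
    """Run the full pre-scan check against `host`; return (reliable, results)."""
    results = {p: probe_udp_port(host, p, timeout) for p in choose_probe_ports()}
    return udp_scan_reliable(results)[0], results


if __name__ == "__main__":
    ok, res = check_host("127.0.0.1")  # loopback generates ICMP locally
    print("UDP scan reliable:", ok, "| silent:", udp_scan_reliable(res)[1])
```

Run it against a real scan target only after confirming with Nmap or netcat that the probe ports are indeed closed, since an open port among the 25 legitimately produces one silent or answered probe.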