Answer
PROBLEM
A full UDP scan of a Linux machine using GFI LanGuard does not complete, or takes a very long time to complete. The same scan of a Microsoft Windows machine completes successfully.
ENVIRONMENT
- GFI LanGuard
- All Supported Environments
SOLUTION
Because of the ICMP rate limiting described under CAUSE, launching a full UDP scan against hosts that implement the suggestion in RFC 1812, section 4.3.2.8 is currently not recommended. Such a scan of a Linux machine may take approximately 18 hours.
CAUSE
UDP scanning of Linux machines may be very slow because these hosts implement the suggestion in RFC 1812, section 4.3.2.8 to limit the rate at which ICMP error messages are sent. A UDP scanner recognises a closed port by the ICMP destination unreachable message the host returns for it, so a host that limits how fast it sends these messages also limits how fast the scan can reliably proceed. The Linux kernel (in net/ipv4/icmp.h) limits destination unreachable message generation to 80 per 4 seconds, with a 1/4 second penalty if the limit is exceeded. Solaris systems have stricter limits, approximately 2 messages per second, so scanning a Solaris system takes even longer.
Microsoft Windows does not implement the RFC suggestion mentioned above and therefore it is possible to scan all 65,000 ports of a Microsoft Windows machine very quickly.
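The effect described under CAUSE can be reproduced with a small model. The following is an added example, not GFI LanGuard or Linux kernel code: it simulates a host that limits ICMP unreachable replies using the figures quoted above, and shows that probing faster than the limit leaves closed ports unanswered. The sliding-window and penalty semantics, the retry count, the instant replies and the 1000-port sample are assumptions made for the illustration.

```python
from collections import deque

def simulate_udp_scan(ports, probes_per_sec, limit=80, window_ms=4000,
                      penalty_ms=250, max_tries=3):
    """Probe `ports` closed UDP ports against a host that sends at most `limit`
    ICMP unreachable replies per `window_ms` (assumed sliding window).
    Returns (elapsed_ms, confirmed_closed, left_unanswered)."""
    interval = 1000 // probes_per_sec      # integer ms between probes
    replies = deque()                      # send times of replies still in the window
    silent_until = 0                       # end of the assumed penalty period
    queue = deque((port, 1) for port in range(1, ports + 1))  # (port, attempt)
    now = closed = unanswered = 0
    while queue:
        port, attempt = queue.popleft()
        # Forget replies that have left the rate-limit window.
        while replies and replies[0] <= now - window_ms:
            replies.popleft()
        if now >= silent_until and len(replies) < limit:
            replies.append(now)            # host answers: port is confirmed closed
            closed += 1
        else:
            if now >= silent_until:        # limit just exceeded: penalty starts
                silent_until = now + penalty_ms
            if attempt < max_tries:
                queue.append((port, attempt + 1))   # scanner retries later
            else:
                unanswered += 1            # a scanner would report this closed
                                           # port as open or filtered
        now += interval
    return now, closed, unanswered

if __name__ == "__main__":
    # Constructed scenario: 1000 closed ports, three probe rates.
    for rate in (20, 50, 100):
        ms, ok, lost = simulate_udp_scan(1000, rate)
        print(f"{rate:>3} probes/s: {ms / 1000:6.1f} s, "
              f"{ok} confirmed closed, {lost} unanswered")
```

At 20 probes per second, which matches 80 replies per 4 seconds, every port is answered; at higher rates the run finishes sooner but some closed ports never get a reply. The model ignores the timeouts a real scanner waits out, so real scans take longer than the times it prints.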