Symantec Privileged Access Management

  • 1.  HOW TO: Port Scan UDP ports

    Posted Oct 08, 2020 11:51 AM
    Is it possible to scan a port using the UDP protocol from the PAM Network Tools?

    I was trying to port scan port 9523 (custom port) for an ArcSight syslog integration, however I only get a "TCP closed" response.

    Much obliged

    ------------------------------
    Services Architect
    HCL Technologies Ltd
    ------------------------------


  • 2.  RE: HOW TO: Port Scan UDP ports

    Broadcom Employee
    Posted Oct 09, 2020 01:16 AM

    Hello Sebastiano,

    In all the currently available CA PAM releases, we only have an option to verify if the TCP ports are open/closed/filtered from the UI.

    Currently, the only way to verify this is to establish an SSH connection to CA PAM and execute the 'nmap' command, for example, "nmap -sU -p <port>,<port> <Destination host IP>".

    Having the ability to verify if the UDP ports are open from the UI would be a good enhancement to the product; please do file an idea for the same.

    Thanks,
    Reatesh.



    ------------------------------
    Principal Support Engineer
    Broadcom
    ------------------------------



  • 3.  RE: HOW TO: Port Scan UDP ports

    Posted Oct 09, 2020 10:51 AM
    Thank you Reatesh for your response.

    I would open the idea, but I don't see that link in Communities anymore.

    Is there a new process for idea submission?

    ------------------------------
    Services Architect
    HCL Technologies Ltd
    ------------------------------



  • 4.  RE: HOW TO: Port Scan UDP ports

    Posted Oct 09, 2020 10:57 AM
    Never mind... I figured it out

    ------------------------------
    Services Architect
    HCL Technologies Ltd
    ------------------------------



  • 5.  RE: HOW TO: Port Scan UDP ports

    Broadcom Employee
    Posted Oct 11, 2020 07:07 AM
    Sebastiano,

    We do have this new feature which allows you to build a spreadsheet and define many of your own nmap variables, at least the options which deliver discrete values. This was only added in 3.4.1 and I have not had time to test with it personally, but you should try it, as I believe it will give you this plus more.

    Bulk Network Scan


    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/3-4-1/implementing/configuring-your-server/diagnostics-and-troubleshooting/tools.

    Joe Lutz


  • 6.  RE: HOW TO: Port Scan UDP ports

    Broadcom Employee
    Posted Oct 12, 2020 10:54 AM
    I haven't tested this feature yet myself, but please do some research about UDP port scanning with nmap... the results can be misleading. For example, most of your results will be "open|filtered"... which basically means that there was no response. This is because UDP services will usually just ignore packets that aren't valid requests, so you have to tell nmap to actually send a valid request per service type to elicit a response.

    https://nmap.org/book/scan-methods-udp-scan.html#:~:text=Fortunately%2C%20Nmap%20can%20help%20inventory,packet%20to%20every%20targeted%20port.
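
An added example, not part of the original thread: a minimal Python probe that shows where the "open|filtered" result described above comes from. It sends one syslog-style datagram and classifies the outcome; the function name `probe_udp`, the payload and the timeout values are assumptions made for illustration.

```python
import socket

# Constructed RFC 3164-style test message (assumption: the target is a syslog listener).
SYSLOG_PROBE = b"<14>udp-probe: connectivity test"


def probe_udp(host, port, payload=SYSLOG_PROBE, timeout=2.0, retries=2):
    """Classify an IPv4 UDP port as 'open', 'closed' or 'open|filtered'.

    open          -> a datagram came back from the service
    closed        -> an ICMP port-unreachable error was returned
    open|filtered -> silence: either a listener that ignores or never answers
                     the payload (syslog does not reply), or packets dropped
                     somewhere on the path
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on a UDP socket makes the kernel report ICMP errors
        # from this peer as ConnectionRefusedError on send()/recv().
        s.connect((host, port))
        for _ in range(retries):
            try:
                s.send(payload)
                s.recv(4096)
                return "open"
            except ConnectionRefusedError:
                return "closed"
            except socket.timeout:
                continue  # lost probe or silent service: retry
    return "open|filtered"


if __name__ == "__main__":
    # 9523 is the custom syslog port mentioned in the thread; the address is a placeholder.
    print(probe_udp("127.0.0.1", 9523, timeout=0.5))
```

Because syslog over UDP is one-way, "open|filtered" is the best result this probe can return for a working listener; confirming delivery needs a packet capture or the received event on the server side.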


  • 7.  RE: HOW TO: Port Scan UDP ports

    Posted Oct 12, 2020 12:50 PM
    Thanks @Joseph Fry

    I am aware that UDP packet scans are subject to the destination application issuing a response.

    The issue here is that the Syslog server hasn't received any events from the secondary site nodes which are pointing to different Syslog servers than the primary site nodes.

    I guess network admins can always trace packets end to end to determine whether there's a Firewall issue.

    thanks.

    ------------------------------
    Services Architect
    HCL Technologies Ltd
    ------------------------------



  • 8.  RE: HOW TO: Port Scan UDP ports

    Posted Oct 12, 2020 12:45 PM

    Thanks Joseph -

    That feature will definitely come in handy, when the client upgrades in the future.   

    thanks




    ------------------------------
    Services Architect
    HCL Technologies Ltd
    ------------------------------