Scan UDP

Hi, Community.

I'm testing UDP port scans with Nmap, but Bro doesn't detect this scan.

Does Bro implement detection of this scan type?

I'm using hooks (Scan::addr_scan_policy, Scan::port_scan_policy) to
generate logs; with UDP the logs remain empty.
However, the UDP connections were stored in conn.log.

Thanks, and sorry for my English.

There is a prototype script that we put together a while ago that detects UDP scans. If you run it, I'd love to get any feedback that you have.


I like this script and am using it in production. The *nix traceroute
utility does trigger it, because it uses the sequential UDP port numbers
by default instead of ICMP... so I would like to exclude those.
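
Added example, not part of the thread and not the prototype script mentioned above: a Python sketch of the traceroute exclusion asked for in the last message, run over constructed conn.log-style records. The threshold, the width of the port window and all sample addresses are assumptions; 33434 is the default first destination port of the *nix traceroute utility.

```python
from collections import defaultdict

TRACEROUTE_BASE = 33434   # default first destination port used by *nix traceroute
TRACEROUTE_SPAN = 100     # assumption: window wide enough for a default 30-hop run
PORT_THRESHOLD = 15       # assumption: distinct UDP ports per host pair before flagging

def build_sample():
    """Constructed records (ts, orig_h, resp_h, resp_p, proto), not real conn.log data."""
    recs = []
    # Host sweeping scattered UDP ports on one target.
    for i, port in enumerate(range(100, 2100, 100)):
        recs.append((1.0 + i, "10.0.0.5", "10.0.0.9", port, "udp"))
    # traceroute-like run: one probe per port, counting up from the base port.
    for i in range(30):
        recs.append((2.0 + i, "10.0.0.7", "192.0.2.1", TRACEROUTE_BASE + i, "udp"))
    # Ordinary DNS client and a TCP flow; neither should be flagged.
    recs += [(3.0 + i, "10.0.0.8", "10.0.0.53", 53, "udp") for i in range(40)]
    recs.append((4.0, "10.0.0.5", "10.0.0.9", 22, "tcp"))
    return recs

def looks_like_traceroute(ports):
    """Ports in arrival order: all inside traceroute's window and strictly increasing."""
    in_window = all(TRACEROUTE_BASE <= p < TRACEROUTE_BASE + TRACEROUTE_SPAN for p in ports)
    ascending = all(b > a for a, b in zip(ports, ports[1:]))
    return in_window and ascending

def find_udp_scans(records):
    """Return (flagged, excluded) lists of (orig_h, resp_h, distinct_port_count)."""
    by_pair = defaultdict(list)
    for ts, orig, resp, port, proto in sorted(records):
        if proto == "udp":
            by_pair[(orig, resp)].append(port)
    flagged, excluded = [], []
    for (orig, resp), ports in sorted(by_pair.items()):
        distinct = len(set(ports))
        if distinct < PORT_THRESHOLD:
            continue
        target = excluded if looks_like_traceroute(ports) else flagged
        target.append((orig, resp, distinct))
    return flagged, excluded

if __name__ == "__main__":
    flagged, excluded = find_udp_scans(build_sample())
    print("flagged:", flagged)
    print("excluded as traceroute-like:", excluded)
```

Excluded pairs are returned rather than dropped, so they can still be logged and reviewed separately from the scan notices.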