There are three states for a port:
- OPEN
  A program on your computer is listening for incoming data.
- CLOSED
  The port is currently not used on your computer.
- BLOCKED
  The firewall (i.e. Defender) is blocking access to the port, regardless of whether it is OPEN or CLOSED.

A UDP scan sends packets to all the ports on the system in order to test whether they are OPEN or CLOSED. An OPEN port will usually generate no response, whereas a CLOSED port will respond with an "ICMP Destination Port Unreachable" packet. If the firewall settings block access to the port, then no response will be generated. Therefore, both OPEN ports and BLOCKED ports produce the same results. The UDP scanner isn't smart enough to figure out the difference.

The correct logic would be that if ICMP Unreachable responses were received for 99% of the ports, then it could be reasonably assumed that the other 1% of the ports are OPEN. However, if 100% of the ports give no responses, then the conclusion should be that a firewall is blocking access to those ports.

Also note that it is impossible to have all the ports open. At most, the machine could handle a few hundred open ports, not the thousands that the scanner is claiming.
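
The decision logic described above can be written out as a short Python function for reading a UDP scan report. This is an added example, not code from any scanner or from the product discussed here; the outcome labels, the `closed_ratio` parameter and the sample data are assumptions constructed for illustration.

```python
from collections import Counter

# Raw probe outcomes as a scanner would record them (labels are assumptions).
ICMP_UNREACHABLE = "icmp_port_unreachable"
NO_RESPONSE = "no_response"


def interpret_udp_scan(results, closed_ratio=0.99):
    """Map {port: outcome} to {port: verdict} using the logic in the text.

    closed_ratio is the share of probed ports that must answer with ICMP
    Port Unreachable before silence is read as OPEN. The default mirrors
    the 99% figure in the text; making it a parameter is an assumption.
    """
    if not results:
        return {}
    unknown = set(results.values()) - {ICMP_UNREACHABLE, NO_RESPONSE}
    if unknown:
        raise ValueError(f"unknown probe outcome(s): {sorted(unknown)}")

    unreachable = sum(1 for o in results.values() if o == ICMP_UNREACHABLE)
    if unreachable == 0:
        # 100% silence: a firewall is dropping the probes, not thousands
        # of listening services.
        silent_verdict = "BLOCKED"
    elif unreachable / len(results) >= closed_ratio:
        # Nearly every port answered CLOSED, so the few silent ones are
        # plausibly OPEN.
        silent_verdict = "OPEN"
    else:
        # In between: silence may be open ports, partial filtering, or
        # ICMP rate limiting on the target. Do not claim OPEN.
        silent_verdict = "OPEN_OR_BLOCKED"

    return {port: "CLOSED" if outcome == ICMP_UNREACHABLE else silent_verdict
            for port, outcome in results.items()}


def summarize(verdicts):
    """Count verdicts, e.g. {'CLOSED': 995, 'OPEN': 5}."""
    return dict(Counter(verdicts.values()))


# Constructed sample scans of ports 1-1000 (not real scan data).
unfiltered = {p: ICMP_UNREACHABLE for p in range(1, 1001)}
for p in (53, 123, 137, 161, 500):
    unfiltered[p] = NO_RESPONSE          # five ports stay silent
firewalled = {p: NO_RESPONSE for p in range(1, 1001)}

if __name__ == "__main__":
    print(summarize(interpret_udp_scan(unfiltered)))
    print(summarize(interpret_udp_scan(firewalled)))
```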