Friday, 1 February 2013

Drawbacks to UDP Scanning



UDP port scanning does present significant problems.

Open ports do not have to acknowledge probes, and closed ports do not have to send an error response. Most operating systems, however, do return an ICMP port unreachable message when a closed port is scanned, so one can readily establish which ports are open by excluding those that are not.

There is no guarantee that the UDP packets one sends will arrive, or that the ICMP port unreachable message will be returned successfully.

If it is suspected that packets are being lost or dropped en route, then packets must be re-transmitted. This again is problematic, as some operating systems have implemented a restriction on the number of ICMP error messages that can be transmitted (see RFC 1812, section 4.3.2.8).

To use the raw ICMP sockets necessary for reading the ICMP port unreachable replies, the investigator must have sufficient rights (superuser rights on UNIX and Linux systems). Although this is not normally an issue, it may need to be taken into account, especially if initiating scans from a compromised system.

Sending data to a UDP port may produce spurious results, as many services may not know how to respond.
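
The inference described above, as an added example that is not part of the original post: a small Python model of how probe replies map to port states, and of how a limit on ICMP errors leaves closed ports looking open until probes are re-transmitted. The target model, its one-error-per-second limit, the port numbers and all names are constructed assumptions; no packets are sent.

```python
from enum import Enum

class Reply(Enum):
    ICMP_PORT_UNREACHABLE = 1   # the target's stack rejected the datagram
    UDP_DATA = 2                # a service answered the probe
    TIMEOUT = 3                 # nothing came back

def classify(replies):
    """Port state implied by the replies to every probe sent to one port."""
    if Reply.UDP_DATA in replies:
        return "open"            # the only positive proof
    if Reply.ICMP_PORT_UNREACHABLE in replies:
        return "closed"
    return "open|filtered"       # silence: open, filtered, or a lost packet

def simulate_scan(ports, open_ports, probe_interval, icmp_min_gap, passes):
    """Constructed target model (an assumption, not a real stack): open ports
    stay silent; closed ports return ICMP port unreachable unless the previous
    ICMP error left less than icmp_min_gap seconds ago (rate limiting)."""
    seen = {p: [] for p in ports}
    now, last_icmp = 0.0, float("-inf")
    for _ in range(passes):
        for p in ports:
            if classify(seen[p]) == "closed":
                continue         # already excluded, no re-transmission needed
            if p not in open_ports and now - last_icmp >= icmp_min_gap:
                seen[p].append(Reply.ICMP_PORT_UNREACHABLE)
                last_icmp = now
            else:
                seen[p].append(Reply.TIMEOUT)
            now += probe_interval
    return {p: classify(r) for p, r in seen.items()}, now

def ambiguous(states):
    """Ports that could not be excluded as closed."""
    return sorted(p for p, s in states.items() if s == "open|filtered")

if __name__ == "__main__":
    ports = list(range(1, 11))   # constructed: port 5 is the only open port
    for passes in (1, 8):
        states, elapsed = simulate_scan(ports, {5}, 0.25, 1.0, passes)
        print(f"{passes} pass(es), {elapsed:.2f}s: open|filtered = {ambiguous(states)}")
```

Even after every closed port has been excluded, the silent open port is still only "open|filtered": exclusion never proves that a service is listening.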

