UDP (User Datagram Protocol), per RFC 768, is connectionless, lacking TCP’s handshake or
acknowledgment mechanisms. When a UDP packet reaches a port:
Closed Port: The host typically sends an ICMP "Destination Port Unreachable" (Type 3, Code 3) unless
suppressed (e.g., by firewall or OS settings).
Open Port: If a service is listening (e.g., DNS on 53/UDP), it processes the packet but doesn’t
inherently reply unless the application protocol requires it (e.g., DNS sends a response).
Scenario: An open UDP port behind a firewall, with the firewall rule allowing traffic (e.g., permit udp
any host 10.0.0.1 eq 123). The packet reaches the service, but UDP itself doesn’t mandate a
response. Most services (e.g., NTP, SNMP) only reply if the packet matches an expected request. In
this question’s generic context (no specific service), no response is the default, as the firewall permits
the packet, and the open port silently accepts it without feedback.
Security Implications: This silence makes UDP ports harder to scan (e.g., Nmap assumes
"open|filtered" for no response), but exposed open ports risk amplification attacks (e.g., DNS
reflection). CNSP likely contrasts UDP’s behavior with TCP for firewall rule crafting.
Why other options are incorrect:
A . ICMP message showing Port Unreachable: Occurs for closed ports, not open ones, unless the
service explicitly rejects the packet (rare).
C . A SYN Packet: SYN is TCP-specific (handshake initiation), irrelevant to UDP.
D . A FIN Packet: FIN is TCP-specific (connection closure), not UDP.
Real-World Context: Testing UDP 53 (DNS) with dig @8.8.8.8 +udp yields a response, but generic UDP
probes (e.g., nc -u) often get silence.
Reference: CNSP Official Documentation (UDP and Firewall Behavior); RFC 768 (UDP).
