Our probe tests to see if the X Display Manager is accessible by sending a “Query” packet to the XDMCP port (177/UDP) and listening for the responses.
The responses received are typically either of the “Willing” type, which means that the X Display Manager is willing to provide service, or the “Unwilling” type, which means that the X Display Manager is not willing to provide services.
XDMCP leaks information about the host system and, in addition, it can be used in an amplification attack, providing an approximate 7x amplification. Please note that it does not matter if XDMCP responds with a “Willing” or an “Unwilling”; the service provides the same level of amplification.
Technical details of the XDMCP protocol can be found on the x.org website.
For more details behind the scan methodology and a daily update of global XDMCP scan statistics please visit our dedicated XDMCP scan page.
For more information on our scanning efforts, check out our Internet scanning summary page.