Re: port scan--"filtered" ports



On Thu, Jul 15, 2010 at 12:47 AM, Naruto Uzumaki <ageofnaruto@xxxxxxxxx> wrote:
> When performing TCP port scanning Nmap marks a port filtered if it
> either gets an ICMP port unreachable or no response. Now, this could
> be because either a firewall or the scanning host is generating ICMP
> ports or silently dropping packets.
>
> By marking them as filtered does it mean that there could be a service
> running on these ports but that service is only accessible by internal
> users or limited public IPs and blocked for other hosts?

Hi,

A firewall can be the reason.
While scanning the host with a SYN scan, if it's showing the target
port as 'filtered', you can scan the same again with the ACK scan
type (using the -sA switch in nmap).

In case there is a firewall, the ACK packet is simply supposed to be
dropped, so it would show it as 'filtered' and you can be sure that there
*is* a firewall.
And if it receives a RST in response, it would show you 'unfiltered'.

HTH.

--
Thanks,
Sagar Belure
Security Analyst
Secfence Technologies
www.secfence.com
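
Added example, not part of the original post: a Python sketch that correlates the SYN scan with the follow-up ACK scan (-sA) described above by parsing Nmap's grepable (-oG) output from both runs. The sample output, the address and the label names are constructed for illustration.

```python
import re

# Constructed sample -oG output; 192.0.2.10 is a documentation address and
# the port states are invented for this example.
SYN_SCAN = ("Host: 192.0.2.10 ()\tPorts: 22/filtered/tcp//ssh///, "
            "80/open/tcp//http///, 443/filtered/tcp//https///, "
            "8080/closed/tcp//http-proxy///")
ACK_SCAN = ("Host: 192.0.2.10 ()\tPorts: 22/filtered/tcp//ssh///, "
            "80/unfiltered/tcp//http///, 443/unfiltered/tcp//https///, "
            "8080/unfiltered/tcp//http-proxy///")

def parse_grepable(text):
    """Return {(host, port): state} for every TCP port in -oG output."""
    states = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: (.*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no ports
        host = m.group(1)
        ports = m.group(2).split("\t")[0]  # drop fields after the port list
        for entry in ports.split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) >= 3 and fields[2] == "tcp":
                states[(host, int(fields[0]))] = fields[1]
    return states

def correlate(syn, ack):
    """Label each port from the SYN scan using the ACK scan as a second probe."""
    report = {}
    for key, syn_state in sorted(syn.items()):
        ack_state = ack.get(key)
        if syn_state != "filtered":
            label = "answered-" + syn_state      # SYN/ACK (open) or RST (closed)
        elif ack_state == "filtered":
            label = "filtered-both"              # SYN and ACK both dropped or rejected
        elif ack_state == "unfiltered":
            label = "syn-only-filtered"          # ACK drew a RST, SYN did not get through
        else:
            label = "filtered-no-ack-data"       # port missing from the ACK scan
        report[key] = label
    return report

if __name__ == "__main__":
    result = correlate(parse_grepable(SYN_SCAN), parse_grepable(ACK_SCAN))
    for (host, port), label in result.items():
        print(f"{host}:{port}/tcp {label}")
```

A port labelled `syn-only-filtered` means the ACK probe was answered with a RST while the SYN probe was not, so the rule in the path is matching on the SYN rather than dropping all traffic to that port.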



