Security Basics mailing list archives
Re: Filtered v. Closed v. Open
From: alias () securityfocus com
Date: Mon, 22 Sep 2003 14:39:18 +0300
On Friday 19 September 2003 21:46, Jonathan Sanders wrote:
> What is the difference between a filtered port and an open port?
I assume you use Nmap. In this context, a port is registered as closed when there is no process running that listens for connections on that port. Normally you receive a RST as a response. On the other hand, you have a port reported as filtered when a firewall blocks packets and (typically) drops them (-j DROP). Then no response comes back. Note that for a filtered port, you do not know whether it is open or closed.
> When doing a port scan using nmap, I had several come back saying 25/tcp was an open port, but after checking, the supposed host did NOT have SMTP service running.
How did you check? It is possible for a process other than a mail server to run at port 25/tcp. Did you try -sV at the command line? It works miracles from Nmap 3.40 onwards.
> So 25 being open just means the firewall is allowing that traffic right even though there's no service running on that port?
No. A port is open when it will accept() connections, therefore a process must be running and listening on that port. And yes, to see a port as open, the firewall must allow access to it.
> Guess my question is still what is the difference between filtered, closed and open ports.
A post to nmap-hackers () insecure org or nmap-dev () insecure org would be more illuminating (and presumably correct)
> Thanks... Jonathan
Anytime
CG
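The three states described in this reply, as an added example that is not part of the original post: a full TCP connect() check for auditing a host you administer, which also reads the greeting so that an open 25/tcp can be told apart from an actual SMTP server. The function names and the 2-second timeout are assumptions chosen for illustration.

```python
import socket


def state_from_error(exc):
    """Map the outcome of connect() to the port state it implies."""
    if exc is None:
        return "open"        # handshake completed: a process is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # RST came back: host reachable, nothing listening
    if isinstance(exc, socket.timeout):
        return "filtered"    # no response at all: packets were dropped on the way
    raise exc                # anything else (bad hostname, no route) is not a port state


def probe(host, port, timeout=2.0):
    """Return (state, banner) for one TCP port using a full connect()."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        try:
            sock.connect((host, port))
        except OSError as exc:
            return state_from_error(exc), b""
        try:
            banner = sock.recv(256)   # SMTP servers speak first ("220 ...")
        except OSError:
            banner = b""              # silent service: open, identity unknown
        return state_from_error(None), banner.strip()
    finally:
        sock.close()


def looks_like_smtp(banner):
    """True if the greeting starts with the SMTP 220 service-ready code."""
    return banner.startswith(b"220")


if __name__ == "__main__":
    # Constructed demo: checks the local machine only.
    state, banner = probe("127.0.0.1", 25)
    print("25/tcp:", state, "| SMTP greeting:", looks_like_smtp(banner))
```

A "filtered" result only says that nothing answered within the timeout; as the reply notes, the port behind the filter may be open or closed.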