Security Basics mailing list archives

Re: Help with filtered ports

From: miguel.dilaj () pharma novartis com
Date: Tue, 16 Nov 2004 09:12:53 +0100

Hello Juan,

Filtered means that a firewall is blocking connection attempts to that 
port, but it's not telling you if the port is open or closed. You can't 
reach it to detect that (not with the scan you did, at least).
You can try more advanced scans, like using fragmentation, a specific 
source port for the scan (like 20, 21, 53, 80, etc.), ACK scan, or resort 
to hping and/or firewalk.
Cheers,

Miguel Dilaj (Nekromancer)
www.oissg.org






Juan B <juanbabi () yahoo com>
14/11/2004 05:41

 
        To:     security-basics () securityfocus com
        cc:     (bcc: Miguel Dilaj/PH/Novartis)
        Subject:        Help with filtered ports


Hi!

I scan with nmap a host in the dmz,I found those ports
filtered:

6699/tcp   filtered    napster
8888/tcp   filtered    sun-answerbook
12345/tcp  filtered    NetBus
12346/tcp  filtered    NetBus
27374/tcp  filtered    subseven
27665/tcp  filtered    Trinoo_Master

I know that subseven and netbus are trojans but what
does in mean filtered? what is the best sulution to
fix this problem? format and install this machine?

what is the differance between open and filter ports?
thanks !!!

Current thread:

Help with filtered ports Juan B (Nov 15)
- Re: Help with filtered ports Josh Nerius (Nov 16)
- Re: Help with filtered ports robert (Nov 16)
- Re: Help with filtered ports GuidoZ (Nov 16)
- <Possible follow-ups>
- Re: Help with filtered ports miguel . dilaj (Nov 16)
- RE: Help with filtered ports Mike (Nov 16)