Security Basics mailing list archives
Re: port scan--"filtered" ports
From: Sagar Belure <sagar.belure () gmail com>
Date: Thu, 15 Jul 2010 12:05:40 +0530
On Thu, Jul 15, 2010 at 12:47 AM, Naruto Uzumaki <ageofnaruto () gmail com> wrote:
When performing TCP port scanning Nmap marks a port filtered if it either gets an ICMP port unreachable or no response. Now, this could be because either a firewall or the scanning host is generating ICMP ports or silently dropping packets. By marking them as filtered does it mean that there could be a service running on these ports but that service is only accessible by internal users or limited public IPs and blocked for other hosts?
Hi, Firewall can be the reason. While scanning the host with SYN scan and if it's showing the target port as 'filtered', you can scan the same again with ACK scan type(using -sA switch in nmap). In case, there is a firewall, ACK packet is simply supposed to be dropped, so would show it as 'filtered' and you can be sure that there *is* a firewall. And if, it receives RST in response, it would show you 'unfiltered'. HTH. -- Thanks, Sagar Belure Security Analyst Secfence Technologies www.secfence.com ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- port scan--"filtered" ports Naruto Uzumaki (Jul 14)
- Re: port scan--"filtered" ports Sagar Belure (Jul 16)
- Re: port scan--"filtered" ports Andre Pawlowski (Jul 19)
- Re: port scan--"filtered" ports Pen Testr (Jul 20)