[kwlug-disc] Mysterious filtered ports on a server
B.S.
bs27975.2 at gmail.com
Wed Oct 26 16:01:31 EDT 2016
On 10/26/2016 11:29 AM, bob+kwlug at softscape.ca wrote:
> Paul,
>
> Just so I have this clear in my head, was the reason that those ports
> came up on your nmap scan because you were blocking the reply packets
> of "nothing here" at the border?
>
> (the other)Bob.
IIUC the messages, no - these ports came up because he was on the other
side of a router when scanning, and getting reports on open ports from
other devices with (munged) IP's that looked to him like his server.
(Thus netstat didn't show the ports open on the server itself.)
So, upon traversing the router, where the packet actually got redirected
to, who knows. And it would be the router's outside side of the IP
substitution that would get reported, not the internal one.)
In essence, a false positive. (Making him chase his tail trying to prove
a negative - which is never in any ways fun.)
If I followed things accurately.
More information about the kwlug-disc
mailing list