[kwlug-disc] Mysterious filtered ports on a server
Remi Gauvin
remi at georgianit.com
Wed Oct 26 16:19:32 EDT 2016
On 16-10-26 04:01 PM, B.S. wrote:
> On 10/26/2016 11:29 AM, bob+kwlug at softscape.ca wrote:
>
> IIUC the messages, no - these ports came up because he was on the other
> side of a router when scanning, and getting reports on open ports from
> other devices with (munged) IP's that looked to him like his server.
>
Actually, they Nmap was reporting the ports as "filtered". That means
the network packets were getting dropped into a bitbuket. (IP tables
calls this the Drop target. Firewalls and routers often call this
'stealthed' mode.) In this case, it's possible the reply packets were
the one hitting a "closed" wall.
But you are correct that the action was happening in the router, hence
trying to find the the source on the server was chasing a false negative.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: remi.vcf
Type: text/x-vcard
Size: 193 bytes
Desc: not available
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20161026/9b75a7f6/attachment.vcf>
More information about the kwlug-disc
mailing list