[kwlug-disc] Mysterious filtered ports on a server
B. S.
bs27975 at gmail.com
Wed Oct 26 16:37:26 EDT 2016
On 10/26/2016 04:19 PM, Remi Gauvin wrote:
> On 16-10-26 04:01 PM, B.S. wrote:
>> On 10/26/2016 11:29 AM, bob+kwlug at softscape.ca wrote:
>
>>
>> IIUC the messages, no - these ports came up because he was on the other
>> side of a router when scanning, and getting reports on open ports from
>> other devices with (munged) IP's that looked to him like his server.
>>
>
> Actually, they Nmap was reporting the ports as "filtered". That means
> the network packets were getting dropped into a bitbuket. (IP tables
> calls this the Drop target. Firewalls and routers often call this
> 'stealthed' mode.) In this case, it's possible the reply packets were
> the one hitting a "closed" wall.
D'OH! Right. (As in, gotcha.)
[Others call it ignore.]
However, the curious thing, if dropped, is that there were replies at all.
Can't just be the lack of response triggered an expectation of an open
port. (60K+ ports are that way all the time.)
nessus can be a friend in such times.
More information about the kwlug-disc
mailing list