[kwlug-disc] Mysterious filtered ports on a server

Hubert Chathi hubert at uhoreg.ca
Wed Oct 26 17:21:37 EDT 2016


On Wed, 26 Oct 2016 16:37:26 -0400, "B. S." <bs27975 at gmail.com> said:

> However, the curious thing, if dropped, is that there were replies at
> all.

> Can't just be the lack of response triggered an expectation of an open
> port. (60K+ ports are that way all the time.)

If there is nothing listening on a port, then the OS will send back a
reply saying there's nothing there.  If it is firewalled with the DROP
rule (in iptables), then the OS will not send anything back.  If you
want to make it look like a normal closed port, then you use the REJECT
rule.

nmap is working on the fact that there is no reply to its probe (rather
than the usual "there's nothing on this port" reply) to detect that the
port has been firewalled.
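
The three outcomes described in the message above, as an added example that is not part of the original post: a TCP connect check, for verifying firewall rules on a host you administer, that reports a port as open, closed or filtered depending on how the attempt ends. The function names and the loopback demo are assumptions made for illustration.

```python
import socket


def classify(error):
    """Map the outcome of a connect() attempt to a port state.

    error is None when the connection succeeded, otherwise the exception raised.
    """
    if error is None:
        return "open"        # handshake completed: something is listening
    if isinstance(error, ConnectionRefusedError):
        return "closed"      # the OS replied "nothing there" (TCP RST)
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "filtered"    # no reply at all: consistent with a DROP rule
    return "unknown"         # other errors (e.g. unreachable) are not covered here


def probe(host, port, timeout=1.0):
    """Attempt one TCP connection and classify how it ended."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        s.close()


def demo():
    """Constructed loopback demo: a listening port, then the same port closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    open_state = probe("127.0.0.1", port)
    listener.close()                     # nothing listening any more
    closed_state = probe("127.0.0.1", port)
    # A dropped probe cannot be produced on loopback without a firewall rule,
    # so the timeout is constructed here instead of observed.
    filtered_state = classify(socket.timeout("timed out"))
    return open_state, closed_state, filtered_state


if __name__ == "__main__":
    print(demo())
```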




