[kwlug-disc] Mysterious filtered ports on a server
bob+kwlug at softscape.ca
Thu Oct 27 20:18:25 EDT 2016
Finally! After all these years I understand what 'filtered' means on an nmap scan!
Thanks all!
BB
> -----Original Message-----
> From: kwlug-disc [mailto:kwlug-disc-bounces at kwlug.org] On Behalf Of Hubert
> Chathi
> Sent: Wednesday, October 26, 2016 5:22 PM
> To: kwlug-disc at kwlug.org
> Subject: Re: [kwlug-disc] Mysterious filtered ports on a server
>
> On Wed, 26 Oct 2016 16:37:26 -0400, "B. S." <bs27975 at gmail.com> said:
>
> > However, the curious thing, if dropped, is that there were replies at
> > all.
>
> > Can't just be the lack of response triggered an expectation of an open
> > port. (60K+ ports are that way all the time.)
>
> If there is nothing listening on a port, then the OS will send back a
> reply saying there's nothing there. If it is firewalled with the DROP
> rule (in iptables), then the OS will not send anything back. If you
> want to make it look like a normal closed port, then you use the REJECT
> rule.
>
> nmap is working on the fact that there is no reply to its probe (rather
> than the usual "there's nothing on this port" reply) to detect that the
> port has been firewalled.
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
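
The three outcomes described in the quoted reply (a service answers, the OS answers that nothing is there, or nothing comes back at all), as an added example that is not part of the original thread. It uses an ordinary TCP connect rather than nmap's own probes; the function names and the loopback check are constructed for illustration.

```python
import errno
import socket

# errno values treated as "no service-level answer" (an assumption of this sketch)
_NO_ANSWER = {errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH}

def state_from_result(exc):
    """Map the outcome of one TCP connect attempt to an nmap-style state."""
    if exc is None:
        return "open"        # handshake completed: a service is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # the host answered that nothing is there
    if isinstance(exc, socket.timeout):
        return "filtered"    # no answer at all, as with an iptables DROP rule
    if isinstance(exc, OSError) and exc.errno in _NO_ANSWER:
        return "filtered"    # kernel timeout or an unreachable error instead
    raise exc                # anything else is a local problem, not a port state

def probe(host, port, timeout=2.0):
    """Attempt one TCP connection to a host you administer and classify it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError as exc:
            return state_from_result(exc)
    return state_from_result(None)

def loopback_demo():
    """Constructed check: one listening port, one bound but not listening."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))   # port is reserved, but nothing accepts on it
    try:
        return (probe("127.0.0.1", listener.getsockname()[1]),
                probe("127.0.0.1", idle.getsockname()[1]))
    finally:
        listener.close()
        idle.close()

if __name__ == "__main__":
    print(loopback_demo())
```

Run against a port on your own server before and after adding a DROP rule, the result changes from "closed" to "filtered" once the timeout expires.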