tony.arnold at manchester.ac.uk
Sun Sep 3 15:38:04 UTC 2006
On Sun, 2006-09-03 at 21:26 +0100, Gabriel M Dragffy wrote:
> > The difference is that a firewall will silently drop any packets
> > arriving on these filtered ports, whereas a system that is just not
> > listening on these ports will respond with a negative acknowledgement.
> > Utilities such as nmap use this to distinguish the two cases.
> > Regards,
> > Tony.
> > --
> > Tony Arnold, IT Security Coordinator, University of Manchester,
> > IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
> > T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
> > E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
> If you read the nmap documentation "filtered" is an alias for "not
> open". This is the result you get when the ports are closed and the host
> responds with a reject packet, rather than dropping the packets.
This is not correct. I quote from the nmap man page:
> The state is either open,
> filtered, closed, or unfiltered. Open means that an application on the
> target machine is listening for connections/packets on that port.
> Filtered means that a firewall, filter, or other network obstacle is
> blocking the port so that Nmap cannot tell whether it is open or
I think you get a state of 'unfiltered' or maybe 'closed' for ports which have nothing
listening on them and no firewall blocking the connection.
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold