open ports

Tony Arnold tony.arnold at manchester.ac.uk
Sun Sep 3 15:38:04 UTC 2006


Gabe,

On Sun, 2006-09-03 at 21:26 +0100, Gabriel M Dragffy wrote:

> > The difference is that a firewall will silently drop any packets
> > arriving on these filtered ports, whereas a system that is just not
> > listening on these ports will respond with a negative acknowledgement.
> > Utilities such as nmap use this to distinguish the two cases.
> > 
> > Regards,
> > Tony.
> > -- 
> > Tony Arnold, IT Security Coordinator, University of Manchester,
> > IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
> > T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
> > E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
> > 
> 
> If you read the nmap documentation "filtered" is an alias for "not
> open". This is the result you get when the ports are closed and the host
> responds with a reject packet, rather than dropping the packets.

This is not correct. I quote from the nmap man page:

> The state is either open, filtered, closed, or unfiltered. Open means
> that an application on the target machine is listening for
> connections/packets on that port. Filtered means that a firewall,
> filter, or other network obstacle is blocking the port so that Nmap
> cannot tell whether it is open or closed.

I think you get a state of 'unfiltered' or maybe 'closed' for ports which have nothing
listening on them and no firewall blocking the connection.

Regards,
Tony.
-- 
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
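
The three outcomes discussed in this thread, shown as an added example that is not part of the original message or of nmap: a plain TCP connect() either completes, is refused with a reset, or gets no answer. The function names and the loopback demo are constructed for illustration, and the mapping of ICMP unreachable errors to "filtered" follows the nmap documentation.

```python
import errno
import socket

# ICMP "unreachable" replies surface from connect() as these errno values.
UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}

def classify(error):
    """Map the outcome of a TCP connect() to a port state.

    error is None when the handshake completed, otherwise the exception raised.
    """
    if error is None:
        return "open"        # SYN/ACK received: something is listening
    if isinstance(error, ConnectionRefusedError):
        return "closed"      # RST received: host answered, nothing listening
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "filtered"    # no reply at all: the probe was silently dropped
    if isinstance(error, OSError) and error.errno in UNREACHABLE:
        return "filtered"    # an ICMP unreachable error came back instead
    raise error              # anything else (e.g. DNS failure) is not a port state

def probe(host, port, timeout=2.0):
    """Attempt one full TCP connection and return the classified state."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def loopback_demo():
    """Constructed demo: probe a loopback port while it listens, then after it closes."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    listener.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(loopback_demo())
```

A timeout only means no answer arrived within the chosen interval, so a slow or lossy path can look the same as a dropping firewall.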



