open ports
Tony Arnold
tony.arnold at manchester.ac.uk
Sun Sep 3 15:38:04 UTC 2006
Gabe,

On Sun, 2006-09-03 at 21:26 +0100, Gabriel M Dragffy wrote:
> > The difference is that a firewall will silently drop any packets
> > arriving on these filtered ports, whereas a system that is just not
> > listening on these ports will respond with a negative acknowledgement.
> > Utilities such as nmap use this to distinguish the two cases.
> >
> > Regards,
> > Tony.
> > --
> > Tony Arnold, IT Security Coordinator, University of Manchester,
> > IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
> > T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
> > E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
> >
>
> If you read the nmap documentation, "filtered" is an alias for "not
> open". This is the result you get when the ports are closed and the host
> responds with a reject packet, rather than dropping the packets.

This is not correct. I quote from the nmap man page:

> The state is either open,
> filtered, closed, or unfiltered. Open means that an application on the
> target machine is listening for connections/packets on that port.
> Filtered means that a firewall, filter, or other network obstacle is
> blocking the port so that Nmap cannot tell whether it is open or
> closed.

I think you get a state of 'unfiltered' or maybe 'closed' for ports which
have nothing listening on them and no firewall blocking the connection.

Regards,
Tony.
--
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold