Subject: Re: nmap
From: Ryan Yagatich (ryagatich CSN1.COM)
Date: Thu Oct 12 2000 - 15:07:26 CDT
filter port 22
/sbin/ipchains -A output -p tcp -s $EXTIP 22 -j DENY
nmap returns...
Port State Service
22/tcp filtered ssh
As far as I understand, if more ports are shown filtered than closed, it
will display the filtered ports. If more ports are closed than filtered,
vice versa.
Another way:
Only allow traffic to that particular port from certain IP ranges. Then
each client that attempts to connect to it will be "connected", but the
machine will drop it.
I hope that this explains a little.
If anyone has any additions or corrections, please let me know.
ryan
-----Original Message-----
From: Focus on Linux Mailing List [mailto:FOCUS-LINUX SECURITYFOCUS.COM] On Behalf Of Infrastructure Dept.
Sent: Thursday, October 12, 2000 10:19 AM
To: FOCUS-LINUX SECURITYFOCUS.COM
Subject: nmap
What does it mean when nmap reports a port is filtered? I am trying to
figure out a problem on the corporate LAN and when I scan a certain NT
workstation, nmap reports almost all of the first 1024 ports closed but
displays them, which I find strange. Then it says the ports not listed are
filtered.
In my experience, nmap usually only displays open ports and reports the rest
closed. On this host it actually shows me every port closed. Has this machine
been compromised? Any ideas?
SAMPLE OF OUTPUT when nmap -sS was used
(The 1022 ports scanned but not shown below are in state: filtered)
Port State Service
113/tcp closed auth
1024/tcp closed kdm
1025/tcp closed listen
1026/tcp closed nterm
1030/tcp closed iad1
1031/tcp closed iad2
1032/tcp closed iad3
1058/tcp closed nim
1059/tcp closed nimreg
1067/tcp closed instl_boots
1068/tcp closed instl_bootc
1080/tcp closed socks
<SNIP TO SAVE SPACE>
20005/tcp closed btx
22273/tcp closed wnn6
22289/tcp closed wnn6_Cn
22305/tcp closed wnn6_Kr
22321/tcp closed wnn6_Tw
26208/tcp closed wnn6_DS
27665/tcp closed Trinoo_Master
31337/tcp closed Elite
32770/tcp closed sometimes-rpc3
32771/tcp closed sometimes-rpc5
32772/tcp closed sometimes-rpc7
32773/tcp closed sometimes-rpc9
32774/tcp closed sometimes-rpc11
32775/tcp closed sometimes-rpc13
32776/tcp closed sometimes-rpc15
32777/tcp closed sometimes-rpc17
32778/tcp closed sometimes-rpc19
32779/tcp closed sometimes-rpc21
32780/tcp closed sometimes-rpc23
32786/tcp closed sometimes-rpc25
32787/tcp closed sometimes-rpc27
43188/tcp closed reachout
47557/tcp closed dbbrowse
65301/tcp closed pcanywhere
Mr. I.
Network Engineer / Ops Manager
Narellan (NorthEast) Inc.
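
Added example, not part of the original thread: a small Python parser for the text layout quoted above. It totals ports per state, including the ones nmap collapses into the "not shown" line, and lists the ports that were reported individually while the rest were filtered. The function names and the shortened sample are assumptions made for this example. It relies on the usual meaning of the states: closed means the probe was answered with a RST, filtered means no usable reply came back.

```python
import re
from collections import Counter

# Constructed sample in the plain-text layout quoted in this thread
# (a shortened copy of the poster's -sS output, not a real capture).
SAMPLE = """\
(The 1022 ports scanned but not shown below are in state: filtered)
Port       State       Service
113/tcp    closed      auth
1024/tcp   closed      kdm
1080/tcp   closed      socks
"""

HIDDEN_RE = re.compile(
    r"\(The (\d+) ports? scanned but not shown below (?:is|are) in state: (\w+)\)")
PORT_RE = re.compile(r"^\s*(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)


def parse_scan(text):
    """Return (listed, hidden): listed maps (port, proto) -> state,
    hidden is (count, state) for the collapsed ports, or None."""
    m = HIDDEN_RE.search(text)
    hidden = (int(m.group(1)), m.group(2)) if m else None
    listed = {(int(p), proto): state
              for p, proto, state, _svc in PORT_RE.findall(text)}
    return listed, hidden


def state_totals(text):
    """Count ports per state, including the ones nmap did not list."""
    listed, hidden = parse_scan(text)
    totals = Counter(listed.values())
    if hidden:
        totals[hidden[1]] += hidden[0]
    return totals


def answered_through_filter(text):
    """Ports listed with a state other than the collapsed one. When the
    collapsed state is 'filtered', these are ports whose probe got a reply
    (RST for closed, SYN/ACK for open), so the filter is not covering them."""
    listed, hidden = parse_scan(text)
    if not hidden or hidden[1] != "filtered":
        return []
    return sorted(port for (port, _), st in listed.items() if st != "filtered")


if __name__ == "__main__":
    print(dict(state_totals(SAMPLE)))
    print(answered_through_filter(SAMPLE))
```

Run against a saved scan of a host behind a packet filter, the second function gives the ports to compare with the filter rules.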