[lug] Firewall / Lockdown questions

dio2002 at indra.com
Wed Aug 1 17:28:20 MDT 2007


> On 7/31/07, dio2002 at indra.com <dio2002 at indra.com> wrote:
>> Found another open port on my box from a remote box
>>
>> PORT    STATE    SERVICE
>> 623/tcp filtered unknown
>> 664/tcp filtered unknown
>
> nmap uses "filtered" to report a port that it doesn't get a response
> from. From the nmap manpage:
>
>        Filtered means that a firewall, filter, or other network obstacle
>        is blocking the port so that Nmap cannot tell whether it is open
>        or closed.
>
> This means a firewall (most likely iptables on the machine you're
> scanning) is dropping all connection attempts to ports 623 and 664
> instead of responding with a TCP FIN packet (which means the port is
> closed). The port isn't open -- which is why netstat isn't showing
> anything -- but nmap is reporting it because it's getting a different
> result from the other ports it scanned.

good explanation. thanks


