[lug] Firewall / Lockdown questions
dio2002 at indra.com
Wed Aug 1 17:28:20 MDT 2007
> On 7/31/07, dio2002 at indra.com <dio2002 at indra.com> wrote:
>> Found another open port on my box from a remote box
>>
>> PORT STATE SERVICE
>> 623/tcp filtered unknown
>> 664/tcp filtered unknown
>
> nmap uses "filtered" to report a port that it doesn't get a response
> from. From the nmap manpage:
>
> Filtered means that a firewall, filter, or other network obstacle is
> blocking the port so that Nmap cannot tell whether it is open or
> closed.
>
> This means a firewall (most likely iptables on the machine you're
> scanning) is dropping all connection attempts to ports 623 and 664
> instead of responding with a TCP FIN packet (which means the port is
> closed). The port isn't open -- which is why netstat isn't showing
> anything -- but nmap is reporting it because it's getting a different
> result from the other ports it scanned.
Good explanation. Thanks.
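
The cross-check described in the quoted reply (a port nmap reports as "filtered" while netstat on the scanned host shows no listener), as an added example that is not part of the original thread. The scan table and `netstat -tln` output are constructed samples, and the function names are illustrative.

```python
import re

# Constructed sample data (not from the thread): an nmap port table from a
# remote scan, and `netstat -tln` output taken on the scanned host.
NMAP_OUTPUT = """\
PORT    STATE    SERVICE
22/tcp  open     ssh
623/tcp filtered unknown
664/tcp filtered unknown
8080/tcp closed  http-proxy
"""
NETSTAT_OUTPUT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
"""

def parse_nmap(text):
    """Return {port: state} for the TCP rows of an nmap port table."""
    rows = re.findall(r"^(\d+)/tcp\s+(\S+)", text, re.MULTILINE)
    return {int(port): state for port, state in rows}

def parse_listeners(text):
    """Return {port: bind address} for LISTEN sockets in netstat -tln output."""
    listeners = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            listeners[int(port)] = addr
    return listeners

def reconcile(nmap_text, netstat_text):
    """Explain each scanned port by comparing the remote view with local listeners."""
    listeners = parse_listeners(netstat_text)
    report = {}
    for port, state in sorted(parse_nmap(nmap_text).items()):
        has_listener = port in listeners
        if state == "filtered":
            detail = "a service is listening behind it" if has_listener else "nothing is listening"
            report[port] = "firewall drops probes; " + detail
        elif state == "open":
            report[port] = "reachable service" if has_listener else "no local listener: investigate"
        else:
            detail = "listener not reachable remotely" if has_listener else "nothing is listening"
            report[port] = "probe answered; " + detail
    return report

if __name__ == "__main__":
    for port, note in reconcile(NMAP_OUTPUT, NETSTAT_OUTPUT).items():
        print(port, note)
```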