Security Basics mailing list archives
Re: unadministered open ports
From: Jacob Bresciani <jacob () bresciani ca>
Date: Fri, 12 Aug 2005 10:05:40 -0700
I'm jumping into this conversation a little late so I apologize if I'm missing facts.
Filtered ports just mean somewhere between the requesting machine and the answering machine the ports are being filtered. It doesn't mean that they are even open on the answering machine just that somewhere the requests got filtered by a gateway/firewall/... somewhere along the way. The filter could even be happening by personal software on the answering machine even if the ports are already closed, if the firewall says the ports are filtered then that is the reply that is sent back.
hope that helps somewhat. Jacob Bresciani Etraffic Solutions jacob () etrafficsolutions com Systems / Network Administrator BUS (250) 658-8238 ex 39 FAX (250) 658-5936"Passwords are like bubble gum, strongest when fresh, should never be used by groups and create a sticky mess when left laying around"
-anon On Aug 11, 2005, at 9:44 AM, Peter Odigie wrote:
What process spawned the ports?. Take for example the ports below from a workstation The ports that are "filtered" are not supposed to be there, maybe the user is/has done something wrong. Do I have to put a filter on the my gateway? but which ports do I filter? I guess I will finally have to go each of the computers and remove the offending process (maybe a malware) but is there a way to do this remotely? Interesting ports on (The 1653 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 116/tcp filtered ansanotify 135/tcp open msrpc 139/tcp open netbios-ssn 196/tcp filtered dn6-smm-red 445/tcp open microsoft-ds 1025/tcp open NFS-or-IIS 1076/tcp filtered sns_credit 2043/tcp filtered isis-bcast 3389/tcp open ms-term-serv 5000/tcp open UPnP Thanks Peter On Thu, 2005-08-11 at 17:01, Sean Crawford wrote:What ports are they for a start?. What process spawned the ports?. *sigh* ---> -----Original Message----- ---> From: Peter Odigie [mailto:petermariano () ncema gov ng] ---> Sent: Wednesday, 10 August 2005 7:21 PM ---> To: security-basics () securityfocus com ---> Subject: unadministered open ports ---> ---> ---> Hi All --->---> I have noticed that anytime I do a nmap of my LAN I see ports that are---> not supposed to be open or used appearing as "filtered" on my---> workstations. I get a feeling that they have been infected. I will---> want to control this and I will like if I can do it remotely. ---> ---> Any help please ---> ---> Peter ---> ---> ---> ---> ________ Information from NOD32 ________ ---> This message was checked by NOD32 Antivirus System for Linux ---> Mail Server. ---> part000.txt - is OK ---> http://www.nod32.com ---> ---> __________ NOD32 1.1191 (20050810) Information __________ ---> ---> This message was checked by NOD32 antivirus system. ---> http://www.eset.com ---> --->
Current thread:
- unadministered open ports Peter Odigie (Aug 10)
- <Possible follow-ups>
- RE: unadministered open ports Peter Odigie (Aug 12)
- Re: unadministered open ports Jacob Bresciani (Aug 15)
- Re: unadministered open ports Mordread Wallas (Aug 15)
- Re: unadministered open ports keydet89 (Aug 12)
- Call Center Security Basics Mark Teicher (Aug 15)