Security Incidents mailing list archives
Re: nmap reveals trinoo_master on router
From: Robin Sheat <robin () kallisti net nz>
Date: Thu, 19 Oct 2006 10:31:13 +1300
On Thursday 19 October 2006 00:35, fahimdxb () gmail com wrote:
I am worried about the last two entries. The last nmap was done in Feb this year and I have confirmed that the two port entries (tcp 1524/27665) did not exist then.
IIRC, 'filtered' from nmap means that there was no response to that probe. Normally a test will say 'connection refused' if you try to conenct to a non-existant port. In this case, there was no response at all. In my (fairly limited) experience with that kind of thing, it usually means that the ISP or another firewall somewhere are simply dropping the packets. It could well even be an outgoing firewall on the part of the ISP that you're running the scan from. Oh, the relevant section from the nmap man page: [...] The state is either open, filtered, closed, or unfiltered. Open means that an application on the target machine is listening for connections/packets on that port. Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed. Closed ports have no application listening on them, though they could open up at any time. Ports are classified as unfiltered when they are responsive to Nmap’s probes, but Nmap cannot determine whether they are open or closed. Nmap reports the state combinations open|filtered and closed|filtered when it cannot determine which of the two states describe a port. -- Robin <robin () kallisti net nz> JabberID: <eythian () jabber kallisti net nz> Hostes alienigeni me abduxerunt. Qui annus est? PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D
Attachment:
_bin
Description:
Current thread:
- nmap reveals trinoo_master on router fahimdxb (Oct 18)
- Re: nmap reveals trinoo_master on router Robin Sheat (Oct 18)
- <Possible follow-ups>
- RE: nmap reveals trinoo_master on router Dario Ciccarone (dciccaro) (Oct 18)
- RE: nmap reveals trinoo_master on router Maxime Ducharme (Oct 23)