RE: Filtered v. Closed v. Open

["Jorge Coll" <jcoll () commonx com>]

Closed Port:
- If you send a SYN to a closed port, it will respond back with a RST.
Open Port:
- If you send a SYN to an open port, you would expect to receive a
SYN/ACK.
Filtered Port:
- Presumably, the host is behind some sort of firewall.  Here, the
packet is simply dropped and you receive no response (not even a RST).

-jc


-----Original Message-----
From: Jonathan Sanders [mailto:sandejm () groupwise1 duc auburn edu] 
Sent: Friday, September 19, 2003 2:47 PM
To: @securityfocus.com <security-basics () securityfocus com
Subject: Filtered v. Closed v. Open

What is the difference between a filtered port and an open port?  One
would automatically say the former is behind a firewall of some sorts
right?  When doing a port scan using nmap, I had several come back
saying 25/tcp was an open port, but after checking, the supposed host
did NOT have SMTP service running.  So 25 being open just means the
firewall is allowing that traffic right even though there's no service
running on that port?  Guess my question is still what is the difference
between filtered, closed and open ports.  Thanks...

Jonathan

------------------------------------------------------------------------
---
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
----------------------------------------------------------------------------