RE: Filtered v. Closed v. Open

["Hagen, Eric" <ehagen () DenverNewspaperAgency com>]

When queried with a TCP SYN:

Open port is supposed to return SYN-ACK to indicate ready to recieve
Closed port is supposed to return RST to indicate port not ready
Filtered port returns nothing because traffic is not allowed to pass.

If you don't know about SYN/SYN-ACK/ACK/RST, read up on the TCP protocol
handskake a bit.

Eric Hagen

-----Original Message-----
From: Jonathan Sanders [mailto:sandejm () groupwise1 duc auburn edu]
Sent: Friday, September 19, 2003 12:47 PM
To: <@securityfocus.com
Subject: Filtered v. Closed v. Open


What is the difference between a filtered port and an open port?  One
would automatically say the former is behind a firewall of some sorts
right?  When doing a port scan using nmap, I had several come back
saying 25/tcp was an open port, but after checking, the supposed host
did NOT have SMTP service running.  So 25 being open just means the
firewall is allowing that traffic right even though there's no service
running on that port?  Guess my question is still what is the difference
between filtered, closed and open ports.  Thanks...

Jonathan

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------