Security Basics mailing list archives

Re: Filtered v. Closed v. Open

From: Matt Howard <mhoward () hattmoward org>
Date: Fri, 19 Sep 2003 16:00:29 -0500

On Friday 19 September 2003 1:46 pm, Jonathan Sanders wrote:

What is the difference between a filtered port and an open port?  One
would automatically say the former is behind a firewall of some sorts
right?  When doing a port scan using nmap, I had several come back
saying 25/tcp was an open port, but after checking, the supposed host
did NOT have SMTP service running.  So 25 being open just means the
firewall is allowing that traffic right even though there's no service
running on that port?  Guess my question is still what is the difference
between filtered, closed and open ports.  Thanks...

Jonathan


Closed means that nmap got a response saying that the port was closed; 
Filtered means that the SYN packet to open the connection was dropped or 
ignored and got no response.

-- 
Matt Howard <mhoward () hattmoward org>
http://hattmoward.org

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Filtered v. Closed v. Open Jonathan Sanders (Sep 19)
- Re: Filtered v. Closed v. Open Matt Howard (Sep 19)
- Re: Filtered v. Closed v. Open alias (Sep 22)
- <Possible follow-ups>
- RE: Filtered v. Closed v. Open Jorge Coll (Sep 19)
- RE: Filtered v. Closed v. Open Hagen, Eric (Sep 19)
- RE: Filtered v. Closed v. Open Meidinger Chris (Sep 22)