Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Filtered v. Closed v. Open

From: Meidinger Chris <chris.meidinger () badenit de>
Date: Mon, 22 Sep 2003 09:44:43 +0100
Great answer Jorge. 

About 25 being open, you can then extrapolate from the information that open
is anywhere you get an ACK/SYN back, and check if the machines with supposed
SMTP maybe have something else there. Portsentry, for example, will open
connections on lots of ports in order to hide which are truly open. Perhaps
the host was using something like that.

Chris

-----Original Message-----
From: Jorge Coll [mailto:jcoll () commonx com] 
Sent: Friday, September 19, 2003 10:01 PM
To: Jonathan Sanders
Cc: security-basics () securityfocus com
Subject: RE: Filtered v. Closed v. Open



Closed Port:
- If you send a SYN to a closed port, it will respond back with a RST. Open
Port:
- If you send a SYN to an open port, you would expect to receive a SYN/ACK.
Filtered Port:
- Presumably, the host is behind some sort of firewall.  Here, the packet is
simply dropped and you receive no response (not even a RST).

-jc


-----Original Message-----
From: Jonathan Sanders [mailto:sandejm () groupwise1 duc auburn edu] 
Sent: Friday, September 19, 2003 2:47 PM
To: @securityfocus.com <security-basics () securityfocus com
Subject: Filtered v. Closed v. Open

What is the difference between a filtered port and an open port?  One would
automatically say the former is behind a firewall of some sorts right?  When
doing a port scan using nmap, I had several come back saying 25/tcp was an
open port, but after checking, the supposed host did NOT have SMTP service
running.  So 25 being open just means the firewall is allowing that traffic
right even though there's no service running on that port?  Guess my
question is still what is the difference between filtered, closed and open
ports.  Thanks...

Jonathan

------------------------------------------------------------------------
---
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: