Security Basics mailing list archives
RE: Filtered v. Closed v. Open
From: Meidinger Chris <chris.meidinger () badenit de>
Date: Mon, 22 Sep 2003 09:44:43 +0100
Great answer Jorge. About 25 being open, you can then extrapolate from the information that open is anywhere you get an ACK/SYN back, and check if the machines with supposed SMTP maybe have something else there. Portsentry, for example, will open connections on lots of ports in order to hide which are truly open. Perhaps the host was using something like that.

Chris

-----Original Message-----
From: Jorge Coll [mailto:jcoll () commonx com]
Sent: Friday, September 19, 2003 10:01 PM
To: Jonathan Sanders
Cc: security-basics () securityfocus com
Subject: RE: Filtered v. Closed v. Open

Closed Port:
- If you send a SYN to a closed port, it will respond back with a RST.

Open Port:
- If you send a SYN to an open port, you would expect to receive a SYN/ACK.

Filtered Port:
- Presumably, the host is behind some sort of firewall. Here, the packet is simply dropped and you receive no response (not even a RST).

-jc

-----Original Message-----
From: Jonathan Sanders [mailto:sandejm () groupwise1 duc auburn edu]
Sent: Friday, September 19, 2003 2:47 PM
To: security-basics () securityfocus com
Subject: Filtered v. Closed v. Open

What is the difference between a filtered port and an open port? One would automatically say the former is behind a firewall of some sorts right?

When doing a port scan using nmap, I had several come back saying 25/tcp was an open port, but after checking, the supposed host did NOT have SMTP service running. So 25 being open just means the firewall is allowing that traffic right even though there's no service running on that port?

Guess my question is still what is the difference between filtered, closed and open ports.

Thanks...
Jonathan
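The three states described in this thread, plus the follow-up check of whether an "open" port 25 really greets like SMTP, as an added example that is not part of the original messages. It uses a full `connect()` instead of a raw SYN, and `classify_port`, `looks_like_smtp` and `start_listener` are hypothetical names; the listener is a constructed local stand-in for a host you administer.

```python
import socket
import threading
import time

def classify_port(host, port, timeout=2.0):
    """Return (state, banner) for one TCP port, using the thread's definitions."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))      # succeeds only after SYN -> SYN/ACK -> ACK
        except ConnectionRefusedError:
            return "closed", b""         # the SYN was answered with a RST
        except OSError:
            return "filtered", b""       # timeout or ICMP unreachable: no TCP answer
        try:
            banner = s.recv(256)         # an SMTP server speaks first
        except OSError:
            banner = b""                 # accepted the connection but stayed silent
    return "open", banner

def looks_like_smtp(banner):
    """An SMTP service greets with a 220 reply; a decoy listener usually does not."""
    return banner.startswith(b"220")

def start_listener(banner=b""):
    """Constructed local listener: accepts one connection, optionally sends a banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # port 0: let the OS pick a free port
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        if banner:
            conn.sendall(banner)
        time.sleep(1.0)                  # hold the connection open, then clean up
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    smtp_port = start_listener(b"220 mail.example.test ESMTP\r\n")  # constructed banner
    decoy_port = start_listener()        # open, but nothing behind it
    for label, port in (("smtp-like", smtp_port), ("decoy", decoy_port)):
        state, banner = classify_port("127.0.0.1", port, timeout=0.5)
        print(label, port, state, "SMTP greeting" if looks_like_smtp(banner) else "no SMTP greeting")
```

Both listeners report "open", which is the situation Jonathan saw with 25/tcp; only the banner check separates a real mail service from a port that merely completes the handshake.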
Current thread:
- Filtered v. Closed v. Open Jonathan Sanders (Sep 19)
- Re: Filtered v. Closed v. Open Matt Howard (Sep 19)
- Re: Filtered v. Closed v. Open alias (Sep 22)
- <Possible follow-ups>
- RE: Filtered v. Closed v. Open Jorge Coll (Sep 19)
- RE: Filtered v. Closed v. Open Hagen, Eric (Sep 19)
- RE: Filtered v. Closed v. Open Meidinger Chris (Sep 22)