Security Basics mailing list archives

Re: Help with filtered ports


From: robert () dyadsecurity com
Date: Mon, 15 Nov 2004 21:47:37 -0800

Juan B(juanbabi () yahoo com)@Sat, Nov 13, 2004 at 09:41:52PM -0800:
> I scan with nmap a host in the dmz, I found those ports
> filtered:
>
> 6699/tcp   filtered    napster
> 8888/tcp   filtered    sun-answerbook
> 12345/tcp  filtered    NetBus
> 12346/tcp  filtered    NetBus
> 27374/tcp  filtered    subseven
> 27665/tcp  filtered    Trinoo_Master
>
> I know that subseven and netbus are trojans but what
> does it mean filtered? what is the best solution to
> fix this problem? format and install this machine?
>
> what is the difference between open and filter ports?
> thanks !!!

It may be helpful to see the TTL values and the source IP of the return packets.  If you add the --packet_trace option (must be root), it may help clear some of that up for you.

Optionally, you can also try using unicornscan (http://www.unicornscan.org), which may provide additional insights.

Robert

-- 
Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033

