Security Basics mailing list archives
Re: Help with filtered ports
From: robert () dyadsecurity com
Date: Mon, 15 Nov 2004 21:47:37 -0800
Juan B(juanbabi () yahoo com)@Sat, Nov 13, 2004 at 09:41:52PM -0800:
I scan with nmap a host in the dmz,I found those ports filtered: 6699/tcp filtered napster 8888/tcp filtered sun-answerbook 12345/tcp filtered NetBus 12346/tcp filtered NetBus 27374/tcp filtered subseven 27665/tcp filtered Trinoo_Master I know that subseven and netbus are trojans but what does in mean filtered? what is the best sulution to fix this problem? format and install this machine? what is the differance between open and filter ports? thanks !!!
It may be helpful to see the TTL values and the source IP of the return packets. If you add the --packet_trace option (must be root), it may help clear some of that up for you. Optionally, you can also try using unicornscan (http://www.unicornscan.org), which may provide additional insights. Robert -- Robert E. Lee CTO, Dyad Security, Inc. W - http://www.dyadsecurity.com E - robert () dyadsecurity com M - (949) 394-2033
Current thread:
- Help with filtered ports Juan B (Nov 15)
- Re: Help with filtered ports Josh Nerius (Nov 16)
- Re: Help with filtered ports robert (Nov 16)
- Re: Help with filtered ports GuidoZ (Nov 16)
- <Possible follow-ups>
- Re: Help with filtered ports miguel . dilaj (Nov 16)
- RE: Help with filtered ports Mike (Nov 16)