Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Strange open ports on windows machines

From: Thomas Lopatic <tl () dataprotect com>
Date: Sat, 23 Oct 1999 17:48:30 +0200
Hi there,


12345   filtered    tcp       NetBus
31337   open        udp       BackOrifice


"filtered" means that there was a timeout when nmap tried to connect to
port 12345. Hence, this port is probably filtered at some firewall
between you and the computer you scanned.

The same is probably true for port 31337. UDP scanning works as follows.
nmap sends a UDP packet to a port and then waits for an ICMP port
unreachable message, which indicates, that there is not service
listening at that particular port. If it does not get an ICMP port
unreachable message, nmap will tell you that there is a service that
listens at the port.

If the UDP message is filtered at an intermediate firewall, then the
computer will never see that UDP packet and you will never get an ICMP
port unreachable - and nmap thinks that there is some listening service.

I think that this is the most plausible explanation. A packet filter
that protects the network that you have scanned.

Have a nice day
-Thomas

-- 
Thomas Lopatic, data protect AG (tl () dataprotect com)
Previous By Date Next
Previous By Thread Next

Current thread: