Re: nmap reveals trinoo_master on router

[Robin Sheat <robin () kallisti net nz>]

On Thursday 19 October 2006 00:35, fahimdxb () gmail com wrote:
> I am worried about the last two entries. The last nmap was done in Feb this
> year and I have confirmed that the two port entries (tcp 1524/27665) did
> not exist then.
IIRC, 'filtered' from nmap means that there was no response to that probe. 
Normally a test will say 'connection refused' if you try to conenct to a 
non-existant port. In this case, there was no response at all. In my (fairly 
limited) experience with that kind of thing, it usually means that the ISP or 
another firewall somewhere are simply dropping the packets. It could well 
even be an outgoing firewall on the part of the ISP that you're running the 
scan from.

Oh, the relevant section from the nmap man page:

       [...] The state is either open,
       filtered, closed, or unfiltered. Open means that an application on the
       target machine is listening for connections/packets on that port.
       Filtered means that a firewall, filter, or other network obstacle is
       blocking the port so that Nmap cannot tell whether it is open or
       closed.  Closed ports have no application listening on them, though
       they could open up at any time. Ports are classified as unfiltered when
       they are responsive to Nmap’s probes, but Nmap cannot determine whether
       they are open or closed. Nmap reports the state combinations
       open|filtered and closed|filtered when it cannot determine which of the
       two states describe a port.

-- 
Robin <robin () kallisti net nz> JabberID: <eythian () jabber kallisti net nz>

Hostes alienigeni me abduxerunt. Qui annus est?

PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8  7175 14D3 6485 A99C EB6D

Attachment: _bin
Description: