nmap reveals trinoo_master on router Oct 18 2006 11:35AM
fahimdxb gmail com (1 replies)
Re: nmap reveals trinoo_master on router Oct 18 2006 09:31PM
Robin Sheat (robin kallisti net nz)
On Thursday 19 October 2006 00:35, fahimdxb (at) gmail (dot) com [email concealed] wrote:
> I am worried about the last two entries. The last nmap was done in Feb this
> year and I have confirmed that the two port entries (tcp 1524/27665) did
> not exist then.
IIRC, 'filtered' from nmap means that there was no response to that probe.
Normally a test will say 'connection refused' if you try to conenct to a
non-existant port. In this case, there was no response at all. In my (fairly
limited) experience with that kind of thing, it usually means that the ISP or
another firewall somewhere are simply dropping the packets. It could well
even be an outgoing firewall on the part of the ISP that you're running the
scan from.

Oh, the relevant section from the nmap man page:

[...] The state is either open,
filtered, closed, or unfiltered. Open means that an application on the
target machine is listening for connections/packets on that port.
Filtered means that a firewall, filter, or other network obstacle is
blocking the port so that Nmap cannot tell whether it is open or
closed. Closed ports have no application listening on them, though
they could open up at any time. Ports are classified as unfiltered when
they are responsive to Nmapâ??s probes, but Nmap cannot determine whether
they are open or closed. Nmap reports the state combinations
open|filtered and closed|filtered when it cannot determine which of the
two states describe a port.

Robin <robin (at) (dot) nz [email concealed]> JabberID: <eythian (at) (dot) nz [email concealed]>

Hostes alienigeni me abduxerunt. Qui annus est?

PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D
Version: GnuPG v1.4.2.2 (GNU/Linux)


[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus