Fun with nmap

Mike Bilow mikebw at colossus.bilow.com
Fri Apr 28 10:28:02 EDT 2000 

This is nothing to worry about.  The "nmap" tool reports "filtered" when
something between it and the target eats the packet, usually a router
acting as a firewall.  By default, the target returns "Connection Refused"
when a packet is sent to a port which has no listener bound to it.  If,
incstead of this, there is no response at all, then the port is assumed to
be "filtered."

-- Mike


On Mon, 24 Apr 2000, Brian J. Conway wrote:

> Here is the output I get from running a thorough scan on one of my
> machines:
> 
> [root at ladyluck /]# scan machinenamegoeshere.clue4all.net
> 
> Starting nmap V. 2.30BETA21 by fyodor at insecure.org (
> www.insecure.org/nmap/ )
> Interesting ports on machinenamegoeshere.clue4all.net (X.X.X.X):
> (The 1513 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 21/tcp     open        ftp                     
> 22/tcp     open        ssh                     
> 25/tcp     open        smtp                    
> 53/tcp     open        domain                  
> 1999/tcp   filtered    tcp-id-port             
> 8888/tcp   filtered    sun-answerbook          
> 
> TCP Sequence Prediction: Class=random positive increments
>                          Difficulty=2722816 (Good luck!)
> Remote operating system guess: Linux 2.1.122 - 2.2.14
> 
> Nmap run completed -- 1 IP address (1 host up) scanned in 91 seconds
> [root at ladyluck /]#
> 
> Look at that insecure machine. ;-)  No, actually, I'm wondering if
> anyone knows what the last two items on the list are.  My DEC Multia is
> currently sitting on my friend's DSL modem masquerading his internel
> LAN, and I'm getting these two items shown.  The machine is very
> streamlined in terms of services running and accessible, and I'm
> assuming it's related to the things running through the firewalling from
> behind the machine.  On the other hand, our (my, really) Linux
> assocation server at school has the exact same setup and is masquerading
> a couple of internal boxes and doesn't have those latter two show up
> (though this could be because there hasn't been much traffic or strange
> ports running through it).  Any ideas?
> 
> Brian J. Conway
> dogbert at clue4all.net
> Geek for hire: http://clue4all.net/resume
> 
> I thought of some more foreign ladies I snogged.
> 		-- Sean Connery, Celebrity Jeopardy
> -
> Subcription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
> 

--
-------------------------------------------------------------------------------
Bilow Computer Science, Inc. | http://www.bilow.com/ | Michael S. Bilow
Cranston, RI 02920-5554, USA | mike at bilow.com        | President
-------------------------------------------------------------------------------
PGP Public Key fingerprint  =  4B 06 23 FB 3E 24 A5 24  14 B5 A2 14 96 73 B4 B2
PGP Public Key fingerprint  =  A5 13 63 7F E3 9F AB 0A  52 62 49 26 BF 0C 01 AD
-------------------------------------------------------------------------------

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).

More information about the Discuss mailing list