Filtered ports

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Dear all,

I used scan port software to scan the ports of my fixed IP line.

I find most ports are "filtered" and only pop3 port is open. What is
the meaning of filtered port?

Thanks!



Re: Filtered ports
Quoted text here. Click to load it

Well, the documentation of the software you have used should explain
what "filtered" means. You don't mentioned which software you have
used thus I can only guess that "filtered" means that the software did
no get any response when it tried to connect to those ports.

This is usually because some firewall blocked the response which the
computer sends when someone tries to connect to a closed port. Quite a
lot of people strongly believe it is extremely important to block
those responses in order to be "stealth" and it sells good...

Gerald

Re: Filtered ports
Quoted text here. Click to load it

It means that your packet filter is dropping connection attempts instead
of rejecting them.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Filtered ports

Quoted text here. Click to load it

man nmap, if you have it and it describes its tests and responses in
great detail.    To have a better constrained question, you'd have to
specify what type of scan you were performing because the specifics of
how the target responded are inferred differently depending on whether
you did a full tcp connect scan, a syn scan,  an xmas scan, etc.


In the 3 way tcp handshake, if the scanner sends a SYN, and the target
does not respond with anything, the port is reported as filtered.
Likewise, if a TCP SYN is sent to the target, but the target responds
with ICMP destination unreachable, or administratively prohibited it's
also considered filtered.

Simplistically, think of filtered as good--it's what ya want.  Closed
is decent, but the port is actually responding to the scan, which draw
more attention from attackers who might shortlist it to try again
later to see if something might come up on the port.

Another term you'll see for filtered sometimes is "stealthed."


Best Regards,
--
Todd H.
http://www.toddh.net /

Re: Filtered ports
On 12 Dec 2007 23:22:07 -0600, comphelp@toddh.net (Todd H.) wrote:


Quoted text here. Click to load it

Guesswork.


Coined by a sensationalist watching too many science fictions and
adopted by marketing.

Re: Filtered ports

Quoted text here. Click to load it

Agreed.  



--
Todd H.
http://www.toddh.net /

Site Timeline