Have a question or want to start a discussion? Post it! No Registration Necessary. Now with pictures!
- Posted on
- Filtered ports
December 13, 2007, 4:04 am
rate this thread
Re: Filtered ports
Well, the documentation of the software you have used should explain
what "filtered" means. You don't mentioned which software you have
used thus I can only guess that "filtered" means that the software did
no get any response when it tried to connect to those ports.
This is usually because some firewall blocked the response which the
computer sends when someone tries to connect to a closed port. Quite a
lot of people strongly believe it is extremely important to block
those responses in order to be "stealth" and it sells good...
- Ansgar -59cobalt- Wiechers
December 13, 2007, 5:01 am
Re: Filtered ports
man nmap, if you have it and it describes its tests and responses in
great detail. To have a better constrained question, you'd have to
specify what type of scan you were performing because the specifics of
how the target responded are inferred differently depending on whether
you did a full tcp connect scan, a syn scan, an xmas scan, etc.
In the 3 way tcp handshake, if the scanner sends a SYN, and the target
does not respond with anything, the port is reported as filtered.
Likewise, if a TCP SYN is sent to the target, but the target responds
with ICMP destination unreachable, or administratively prohibited it's
also considered filtered.
Simplistically, think of filtered as good--it's what ya want. Closed
is decent, but the port is actually responding to the scan, which draw
more attention from attackers who might shortlist it to try again
later to see if something might come up on the port.
Another term you'll see for filtered sometimes is "stealthed."
- » 'Human Error' caused two-thirds of Minnesota 911 calls to be dropped, outage...
- — The site's Newest Thread. Posted in » General Telecommunications Forum