Home page logo

basics logo Security Basics mailing list archives

Re: unadministered open ports
From: Jacob Bresciani <jacob () bresciani ca>
Date: Fri, 12 Aug 2005 10:05:40 -0700

I'm jumping into this conversation a little late so I apologize if I'm missing facts.

Filtered ports just mean somewhere between the requesting machine and the answering machine the ports are being filtered. It doesn't mean that they are even open on the answering machine just that somewhere the requests got filtered by a gateway/firewall/... somewhere along the way. The filter could even be happening by personal software on the answering machine even if the ports are already closed, if the firewall says the ports are filtered then that is the reply that is sent back.

hope that helps somewhat.

Jacob Bresciani
Etraffic Solutions
jacob () etrafficsolutions com
Systems / Network Administrator
BUS (250) 658-8238 ex 39
FAX (250) 658-5936

"Passwords are like bubble gum, strongest when fresh, should never be used by groups and create a sticky mess when left laying around"


On Aug 11, 2005, at 9:44 AM, Peter Odigie wrote:

What process spawned the ports?.

Take for example the ports below from a workstation
The ports that are "filtered"  are not supposed to be there, maybe the
user is/has done something wrong.

Do I have to put a filter on the my gateway?  but which ports do I

I guess I will finally have to go each of the computers and remove the
offending process (maybe a malware) but is there a way to do this

Interesting ports on
(The 1653 ports scanned but not shown below are in state: closed)
116/tcp  filtered ansanotify
135/tcp  open     msrpc
139/tcp  open     netbios-ssn
196/tcp  filtered dn6-smm-red
445/tcp  open     microsoft-ds
1025/tcp open     NFS-or-IIS
1076/tcp filtered sns_credit
2043/tcp filtered isis-bcast
3389/tcp open     ms-term-serv
5000/tcp open     UPnP



On Thu, 2005-08-11 at 17:01, Sean Crawford wrote:

What ports are they for a start?.

What process spawned the ports?.


---> -----Original Message-----
---> From: Peter Odigie [mailto:petermariano () ncema gov ng]
---> Sent: Wednesday, 10 August 2005 7:21 PM
---> To: security-basics () securityfocus com
---> Subject: unadministered open ports
---> Hi All
---> I have noticed that anytime I do a nmap of my LAN I see ports that are
---> not supposed to be open or used appearing as "filtered" on my
---> workstations. I get a feeling that they have been infected. I will
---> want to control this and I will like if I can do it remotely.
---> Any help please
---> Peter
---> ________ Information from NOD32 ________
---> This message was checked by NOD32 Antivirus System for Linux
---> Mail Server.
--->   part000.txt - is OK
---> http://www.nod32.com
---> __________ NOD32 1.1191 (20050810) Information __________
---> This message was checked by NOD32 antivirus system.
---> http://www.eset.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]