
Re: blocking ports

The reason it reports it as filtered is that if someone tries to connect to a port on which you're not running a service, say port 12345, your server will respond with a TCP/IP packet with the RST, ACK flags set (I know RST, I think ACK too). nmap sees this as closed. If you filter something out with iptables, a packet with the RST flag is never sent back; nmap just times out trying to connect and assumes it's filtered.
I'm not sure, but if you compile your kernel with iptables support and use the REJECT target (which sends back an ICMP error in response to the attempted connection), nmap might say closed instead of filtered (although since it's different from a packet with RST set, maybe it still realizes it's filtered through a firewall).

> I'm running a server that's hot to the net, and running some insecure 
> services (by necessity), like nfs.  Of course, I used iptables to block all 
> those ports, using nmap and netstat to double check all my open ports.  
> However, what nmap reports back is "filtered" for those ports.  I would 
> prefer if I could somehow make it so that they are "closed" to the outside 
> world, so that random j. hacker doesn't know that I'm running that service at 
> all.  Is there some way to do that, or do I just live with "filtered"?
Greg Hunt
800-733-3380 x 107
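The classification the reply describes (RST back means "closed", silence means "filtered") can be checked against your own firewall from a packet capture, so you can see what a scanner would see before a scanner does. The script below is an added example and is not from the thread or from nmap; it parses a constructed tcpdump-style capture of a SYN scan against a hypothetical host 192.0.2.10 and classifies each probed port the way a SYN scanner does: SYN/ACK back is open, RST back is closed, an ICMP unreachable error or no reply at all is filtered. The capture is built so that each port sits behind a different iptables policy: no rule (80, a listening service; 12345, no service), `-j DROP` (2049, silence), the default `-j REJECT` (111, ICMP port unreachable) and `-j REJECT --reject-with tcp-reset` (22, a RST). The addresses, ports and timestamps are made up.

```python
import re

# Constructed tcpdump-style capture (not real traffic) of a SYN scan from
# 203.0.113.5 against 192.0.2.10. Each line was written to reflect one
# firewall policy on the target (see the comments per port below).
CAPTURE = """\
10:00:00.000 IP 203.0.113.5.40001 > 192.0.2.10.80: Flags [S], seq 1, win 1024
10:00:00.001 IP 192.0.2.10.80 > 203.0.113.5.40001: Flags [S.], seq 9, ack 2, win 64240
10:00:00.002 IP 203.0.113.5.40001 > 192.0.2.10.12345: Flags [S], seq 1, win 1024
10:00:00.003 IP 192.0.2.10.12345 > 203.0.113.5.40001: Flags [R.], seq 0, ack 2, win 0
10:00:00.004 IP 203.0.113.5.40001 > 192.0.2.10.2049: Flags [S], seq 1, win 1024
10:00:00.005 IP 203.0.113.5.40001 > 192.0.2.10.111: Flags [S], seq 1, win 1024
10:00:00.006 IP 192.0.2.10 > 203.0.113.5: ICMP 192.0.2.10 tcp port 111 unreachable, length 48
10:00:00.007 IP 203.0.113.5.40001 > 192.0.2.10.22: Flags [S], seq 1, win 1024
10:00:00.008 IP 192.0.2.10.22 > 203.0.113.5.40001: Flags [R.], seq 0, ack 2, win 0
"""
# Port 80:    service listening, no firewall rule      -> SYN/ACK  -> open
# Port 12345: nothing listening, no firewall rule      -> RST/ACK  -> closed
# Port 2049:  iptables -j DROP                          -> silence  -> filtered
# Port 111:   iptables -j REJECT (ICMP port unreachable)-> ICMP     -> filtered
# Port 22:    iptables -j REJECT --reject-with tcp-reset -> RST/ACK -> closed

# tcpdump prints TCP as "src.sport > dst.dport: Flags [..]"; a "." in the
# flag list is ACK, so "S." is SYN/ACK and "R." is RST/ACK.
TCP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)
# ICMP port-unreachable errors quote the original destination and port.
ICMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP "
    r"(?P<orig>[\d.]+) tcp port (?P<port>\d+) unreachable"
)


def scan_view(capture, target):
    """Return {port: state} as a SYN scanner would classify each port probed on target."""
    states = {}
    for line in capture.splitlines():
        m = TCP_RE.match(line)
        if m:
            flags = m["flags"]
            if m["dst"] == target and "S" in flags and "." not in flags:
                # A bare SYN probe: until something answers, the scanner
                # would time out and report the port as filtered.
                states.setdefault(int(m["dport"]), "filtered")
            elif m["src"] == target:
                port = int(m["sport"])
                if "S" in flags and "." in flags:
                    states[port] = "open"        # SYN/ACK: something accepted
                elif "R" in flags:
                    states[port] = "closed"      # RST: host answered, nothing there
            continue
        m = ICMP_RE.match(line)
        if m and m["orig"] == target:
            # An ICMP unreachable is an explicit error, not a TCP answer,
            # so the scanner still treats the port as filtered.
            states[int(m["port"])] = "filtered"
    return states


def visible_firewall_ports(states):
    """Ports whose 'filtered' state reveals that a firewall is protecting something."""
    return sorted(p for p, s in states.items() if s == "filtered")


if __name__ == "__main__":
    view = scan_view(CAPTURE, "192.0.2.10")
    for port in sorted(view):
        print(f"{port:>6}/tcp  {view[port]}")
    print("ports that give away a firewall:", visible_firewall_ports(view))
```

Run it as-is and the two REJECT variants come out differently: the ICMP error (port 111) still reads as filtered, while the `tcp-reset` reply (port 22) is indistinguishable from a port with no service, which is the "closed" appearance the original poster was after.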
