Re: Why s port 111 still open?
On Mon, Aug 29, 2011 at 16:30, Bob Proulx <firstname.lastname@example.org> wrote:
> Jochen Spieker wrote:
>> Anyway, using nmap on localhost doesn't make much sense. Use netstat or
>> lsof instead.
> Agreed. For example if you have a firewall on the local host.
> Usually connections from the local host to the local host are
> allowed but inbound connections from other hosts are blocked. In that
> case nmap on the local host would report open ports that would show as
> blocked when coming from a remote host. You would need to probe your
> host from another one in order to gain meaningful information about
> remote networking attacks.
iirc, nmap should show 'filtered' from another host. it's a part of
the process as far as i'm concerned. see:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans