[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why s port 111 still open?

On Mon, Aug 29, 2011 at 16:30, Bob Proulx <bob@proulx.com> wrote:
> Jochen Spieker wrote:
>> Anyway, using nmap on localhost doesn't make much sense. Use netstat or
>> lsof instead.
> Agreed.  For example if you have a firewall on the local host.
> Usually connections from the local host to the local host are
> allowed but inbound connections from other hosts are blocked.  In that
> case nmap on the local host would report open ports that would show as
> blocked when coming from a remote host.  You would need to probe your
> host from another one in order to gain meaningful information about
> remote networking attacks.

iirc, nmap should show 'filtered' from another host. it's a part of
the process as far as i'm concerned. see:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans

Reply to: