NMAP filtered ports?
Posted 29 March 2008 - 04:21 PM
nmap -v -f -sV -PN XXX.XXX.XXX.XXX
So using the -f function of fragmenting my packets, the nmap client said it might not work (lol)
using the -sV function to find out what services were running (recently discovered and passed to me in this forum)
And the -PN because on the first attempt nmap stated that the computer or target host was rejecting my ping nodes.
So I tried it and got little to no results. Not 1 single port from the scan, due to them being "filtered" as nmap put it. It did say, however, that the host was up and running (good), so what can I do to un-filter, if you will, the ports?
My guess was that the computer was behind a good firewall.
Thanks in advance
Posted 29 March 2008 - 04:36 PM
You have guessed correctly. Most home computers nowadays are behind routers or firewalls. Unless there are ports allowed through the router by the administrator of the router, you won't be able to see them in the output of your nmap scan.
Posted 29 March 2008 - 04:48 PM
Posted 29 March 2008 - 07:35 PM
Posted 29 March 2008 - 11:55 PM
Nmap is a decent port scanner... what you're describing isn't a "bug" or problem with it; it's actually giving you more information than most other port scanners I've used. Here's why.
I hence an Nmap update? Hopefully. Well, thanks for the help, but is there any way to scan for the ports without using nmap? I mean, I know people get around this kinda stuff all the time; it can't be the only thing that stumps hackers?
A port can be either open or closed. What nmap calls "filtered" is sometimes also called "STEALTH MODE LOL" (well, minus the LOL) by other firewalls. What this means is that if someone tries to connect to that port, instead of responding with either "Yes, come on in" or "No, get the hell away", the router just simply ignores the request, as if there were no computer there at all. Some security "experts" and folks who write firewall software for Grandma's computer will tell you that this makes your computer ULTRA SECURE, since it CANNOT EVEN BE DETECTED ON TEH INTERTUBES. It's like you are a GHOST NINJA SUPERCOMPUTER that nobody can HAX0R!
I've used a few port scanning programs besides nmap, and what they tend to do is only report a positive response (e.g. computer responded to a ping, port shows as open, etc...). What nmap does is it lets you know that, "Hey, I know there is a computer there, but there is some kind of firewalling going on for this port, since it didn't respond properly to my request." If you have a STEALTH HACKER MODE computer, but still have open ports or respond to pings, then the SUPER EXTREME STEALTH OPERATIONAL MODE is just kind of frivolous and may slow down some legitimate services.
There are enough other ways that someone can verify that your computer exists. If you're playing an online game, posting on web forums, using IM software, or doing any of a number of other things that use your IP address, then someone knows you're there. The trick is to make sure your own box/network is properly secured; that way, it won't matter whether or not someone knows you're there... they still won't be able to get in.
Free tip: when doing a port scan, include TCP port 113 (IDENT). This is a service that is still used by some legitimate programs, and many firewalls simply block (i.e. properly respond with a "No, nothing here") instead of ignoring a request on this port to avoid slowing down a server (waiting for the connect request to time out). One "closed" port is enough to verify a live IP address, even if other stuff doesn't respond. :)
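The open / closed / filtered distinction from the post above, as an added example that is not part of the original thread. It classifies a port from what a plain TCP connect() gets back and runs only against 127.0.0.1, which is how you would check whether your own firewall rejects or silently drops; the function names, the timeout value and the treatment of ICMP unreachable errors as "filtered" are assumptions of this sketch.

```python
import errno
import socket

def port_state(host, port, timeout=2.0):
    """Classify a TCP port from the reply to a full connect() attempt."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"      # RST came back: no service, but a host replied
    except socket.timeout:
        return "filtered"    # no reply at all: the request was dropped
    except OSError as e:
        # Assumption: an ICMP unreachable error (or no route) counts as filtered.
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        s.close()

def host_answered(states):
    """One 'open' or 'closed' result proves something at that address replied."""
    return any(s in ("open", "closed") for s in states)

def loopback_demo():
    """Constructed test: one listening port and one unused port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    unused_port = spare.getsockname()[1]
    spare.close()  # nothing listens here now, so the kernel answers with RST
    try:
        return {
            "listener": port_state("127.0.0.1", listener.getsockname()[1]),
            "unused": port_state("127.0.0.1", unused_port),
        }
    finally:
        listener.close()

if __name__ == "__main__":
    result = loopback_demo()
    print(result, "host answered:", host_answered(result.values()))
```

A firewall that drops everything shows only "filtered" here, while a single rejected port (such as IDENT in the tip above) shows "closed" and makes host_answered() return True.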
Posted 30 March 2008 - 10:31 AM
Posted 30 March 2008 - 10:37 AM
It's much easier to make a tool that will consistently work with other existing tools. That way you aren't stuck doing what you are doing here.
Posted 30 March 2008 - 10:39 AM
Edited by ZioMatrix, 30 March 2008 - 10:47 AM.