ZioMatrix

NMAP filtered ports?

8 posts in this topic

Hello, another n00b question, I don't care. Anyway, I have been exploring Nmap for a while now, but there is 1 function I couldn't seem to find. My friend let me do a pen-test sorta deal on his computer. So I typed in the following:

nmap -v -f -sV -PN XXX.XXX.XXX.XXX

So, using the -f function of fragmenting my packets, the nmap client said it might not work (lol).

Using the -sV function to find out what services were running (recently discovered and passed to me in this forum).

And the -PN because on the first attempt nmap stated that the computer or target host was rejecting my ping nodes.

So I tried it and got little to no results. Not 1 single port from the scan, due to them being "filtered" as nmap put it. It did say, however, that the host was up and running (good), so what can I do to un-filter, if you will, the ports?

My guess was that the computer was behind a good firewall.

Thanks in advance


Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed.

You have guessed correctly. Most home computers nowadays are behind routers or firewalls. Unless there are ports allowed through the router by the administrator of the router, you won't be able to see them in the output of your nmap scan.


I hence an Nmap update? Hopefully. Well, thanks for the help, but is there any way to scan for the ports without using nmap? I mean, I know people get around this kinda stuff all the time; it can't be the only thing that stumps hackers?

> I hence an Nmap update? Hopefully. Well, thanks for the help, but is there any way to scan for the ports without using nmap? I mean, I know people get around this kinda stuff all the time; it can't be the only thing that stumps hackers?

Nmap is a decent port scanner... what you're describing isn't a "bug" or problem with it; it's actually giving you more information than most other port scanners I've used. Here's why.

A port can be either open or closed. What nmap calls "filtered" is sometimes also called "STEALTH MODE LOL" (well, minus the LOL) by other firewalls. What this means is that if someone tries to connect to that port, instead of responding with either "Yes, come on in" or "No, get the hell away", the router just simply ignores the request, as if there were no computer there at all. Some security "experts" and folks who write firewall software for Grandma's computer will tell you that this makes your computer ULTRA SECURE, since it CANNOT EVEN BE DETECTED ON TEH INTERTUBES. It's like you are a GHOST NINJA SUPERCOMPUTER that nobody can HAX0R!

I've used a few port scanning programs besides nmap, and what they tend to do is only report a positive response (e.g. computer responded to a ping, port shows as open, etc...). What nmap does is it lets you know that, "Hey, I know there is a computer there, but there is some kind of firewalling going on for this port, since it didn't respond properly to my request." If you have a STEALTH HACKER MODE computer, but still have open ports or respond to pings, then the SUPER EXTREME STEALTH OPERATIONAL MODE is just kind of frivolous and may slow down some legitimate services.

There are enough other ways that someone can verify that your computer exists. If you're playing an online game, posting on web forums, using IM software, or doing any of a number of other things that use your IP address, then someone knows you're there. The trick is to make sure your own box/network is properly secured; that way, it won't matter whether or not someone knows you're there... they still won't be able to get in.

Free tip: when doing a port scan, include TCP port 113 (IDENT). This is a service that is still used by some legitimate programs, and many firewalls simply block (i.e. properly respond with a "No, nothing here") instead of ignoring a request on this port to avoid slowing down a server (waiting for the connect request to time out). One "closed" port is enough to verify a live IP address, even if other stuff doesn't respond. :)

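The three port states described in the post above, as an added example that is not part of the original thread: a TCP connect check you can point at your own host to see whether its firewall accepts (open), answers with a refusal (closed) or silently drops (filtered) a connection. The function names, the loopback test sockets and the stand-in `dropped` connector are constructed for illustration.

```python
import errno
import socket

def classify_tcp_port(host, port, timeout=1.0, connect=socket.create_connection):
    """Return 'open', 'closed' or 'filtered' for one TCP connect attempt."""
    try:
        conn = connect((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"        # a RST came back: "No, nothing here"
    except (socket.timeout, TimeoutError):
        return "filtered"      # no answer at all: the request was ignored
    except OSError as exc:
        # An ICMP "unreachable" reply is also counted as filtered in this example.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    conn.close()
    return "open"              # handshake completed: "Yes, come on in"

def reveals_host(states):
    """True if any probed port answered (open or closed), proving a live host."""
    return any(state != "filtered" for state in states.values())

def demo():
    """Constructed loopback test; nothing leaves this machine."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)                       # listening -> open
    idle = socket.socket()
    idle.bind(("127.0.0.1", 0))              # bound, not listening -> refused

    def dropped(address, timeout):           # stand-in for a firewall that drops
        raise socket.timeout("timed out")

    try:
        return {
            "open": classify_tcp_port("127.0.0.1", listener.getsockname()[1]),
            "closed": classify_tcp_port("127.0.0.1", idle.getsockname()[1]),
            "filtered": classify_tcp_port("127.0.0.1", 113, connect=dropped),
        }
    finally:
        listener.close()
        idle.close()

if __name__ == "__main__":
    print(demo())
```

`reveals_host` captures the point about port 113: a firewall that drops everything except one port it refuses has still confirmed that the address is live.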

Haha, both helpful and humorous. Anyway, I like the feedback, and to mirrorshades, what you said about if the IP is active, that's not a real problem, but thanks for bringing it up. I looked more into nmap and how to get the so-called "filtered ports" open. I'm not sure how the process goes and I'm not sure if this is "new thread" worthy. Packet forging? This is only a theory, so don't take it out of context, because this is only from 2 hrs of research on it. If there is a way using WinInject (packet forging tool) to make a simple "legit" packet that a firewall would read as regular traffic, to maybe encode your own port scanning script or something that possibly connects itself through nmap or even emails you the results? This process would be far beyond my skill, just wondering if it's possible.

[Attached image: post-14436-1206891088.jpg]


Is this Linux-based? Because the tar.gz thing makes it seem that way.
