[TriLUG] ports 179 and 1720

Ryan Wheaton ryan.wheaton at comcast.net
Tue Nov 18 12:25:01 EST 2003 

Ok.  I figured that it was something like this.  I'm scanning from 
behind a firewall at work.  The machine is my firewall/load balancer 
that I have set up at a colo facility.  I figured something like this 
was going on, but didn't know how to be sure unless i asked the guys at 
the colo...

thanks for the help.

-rtw
On Monday, Nov 17, 2003, at 17:07 America/Denver, Mike Johnson wrote:

> Ryan Wheaton [ryan.wheaton at comcast.net] wrote:
>> hey all,
>>
>> I've got a firewall built with RH9 (running the LVS kernel), and nmap
>> is showing the following ports to be open:
>>
>>
>> 179/tcp filtered bgp
>> 1720/tcp filtered H.323/Q.931
>
> You're misreading this.  Because a port shows up as filtered does not
> mean that is it open/has a listening service.  Those services may be
> filtered upstream.
>
> You don't say where your hosts are.  Are you logged onto the firewall,
> and running nmap from there?  Is your nmap system outside the firewall,
> but one hop away?  Are you scanning from your system at home to the
> firewall?  Through the firewall?  This information would help narrow
> down exactly what you're seeing.
>
> As an example, here's a portscan from my system at work, to a system on
> a totally different network, that is behind a firewall:
> (The 1655 ports scanned but not shown below are in state: closed)
> PORT    STATE    SERVICE
> 80/tcp  open     http
> 139/tcp filtered netbios-ssn
>
>
> The firewall isn't filtering port 139, the ISP is.  The system isn't
> running anything on port 139.
>
> So, there isn't neccesarily something to be worried about.  Try
> portscanning from somewhere else and you may see different results.
>
> Mike
> -- 
> "If life hands you lemons, YOU BLOW THOSE LEMONS TO BITS WITH
>  YOUR LASER CANNONS!" -- Brak
>
> GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF  C821 89C4 DF9A 5DDD 
> 95D1
> GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
>
> <mime-attachment>--
> TriLUG mailing list        : 
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc

More information about the TriLUG mailing list