IRC filtered, all other ports open

peterdavidcarter
Posts: 42
Joined: Wed Dec 14, 2016 6:36 pm UTC

Postby peterdavidcarter » Sat Jan 07, 2017 12:27 am UTC

A bit of a naive question, but I'm sorta baffled by a recent nmap result on a server, which is showing all ports wide open apart from IRC, which is filtered. Is this a common configuration? In people's opinions what would they say is the most likely reason someone would config their server this way?

Soupspoon
You have done something you shouldn't. Or are about to.
Posts: 2544
Joined: Thu Jan 28, 2016 7:00 pm UTC
Location: 53-1

Re: IRC filtered, all other ports open

Postby Soupspoon » Sat Jan 07, 2017 1:14 am UTC

(Darnit, refreshed and wiped my response. Resummarising.)

Proxy gateway/NAT pre-emptively ACKing before it knows the true target's actual intention?
IDS (or even full Honeypot) being deliberately (mostly!) undiscriminating?
A listener daemon that is truly promiscuous?
Full-spectrum port spoofing to obfuscate and render ports-open profiling effectively useless?

As to the IRC (port 194 and/or 666x?), perhaps that's the single deliberately configured port, auto-rejecting requests outside of a preconfigured IP or subnet because it is expecting/already using that port as comms with a hardcoded remote machine?

That's just off the top of my head, some of those answers are a bit off the wall... But I don't think nmap does much more than get an ACK back... Maybe a bit of manual telnetting with some intelligent guessing as to the handshaking required can reveal more info. Or at least rule out some of the options.?
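
An added example, not part of either post above: a small Python check that an administrator could run over nmap grepable (`-oG`) output from their own network to spot the pattern discussed in this thread, where nearly every scanned port reports open (consistent with something answering on the host's behalf, as the reply suggests), and to list the ports that break the pattern. The sample line, its address, and the thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed sample in nmap's grepable (-oG) layout. The address is from the
# documentation range and the port list is shortened for illustration.
SAMPLE = (
    "Host: 192.0.2.10 ()\tPorts: "
    + ", ".join(f"{p}/open/tcp//unknown///" for p in range(6660, 6667))
    + ", 6667/filtered/tcp//irc///, "
    + ", ".join(f"{p}/open/tcp//unknown///" for p in range(6668, 6700))
    + "\tIgnored State: closed (960)"
)


def parse_ports(line):
    """Return {port: state} from one 'Host: ... Ports: ...' grepable line."""
    if "Ports: " not in line:
        return {}
    # Tab-separated fields follow "Ports:", e.g. "Ignored State: ...".
    field = line.split("Ports: ", 1)[1].split("\t", 1)[0]
    ports = {}
    for entry in field.split(", "):
        parts = entry.strip().split("/")  # port/state/protocol/owner/service/...
        if len(parts) >= 3 and parts[0].isdigit():
            ports[int(parts[0])] = parts[1]
    return ports


def assess(ports, min_ports=20, open_ratio=0.95):
    """Flag the 'everything open' pattern and list the ports that break it.

    min_ports and open_ratio are assumptions for this example, not nmap values.
    """
    if len(ports) < min_ports:
        return {"uniform_open": False, "exceptions": {}}
    counts = Counter(ports.values())
    uniform = counts["open"] / len(ports) >= open_ratio
    exceptions = {p: s for p, s in ports.items() if s != "open"} if uniform else {}
    return {"uniform_open": uniform, "exceptions": exceptions}


if __name__ == "__main__":
    print(assess(parse_ports(SAMPLE)))
```

A uniform-open result says the port states alone cannot profile the host, so the exceptions are the only entries that reflect a deliberate rule.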

