IRC filtered, all other ports open
Moderators: phlip, Moderators General, Prelates
- peterdavidcarter
- Posts: 42
- Joined: Wed Dec 14, 2016 6:36 pm UTC
IRC filtered, all other ports open
A bit of a naive question, but I'm a sorta baffled by a recent nmap result on a server, which is showing all ports wide open apart from IRC, which is filtered. Is this a common configuration? In people's opinions what would they say is the most likely reason someone would config their server this way?
- Soupspoon
- You have done something you shouldn't. Or are about to.
- Posts: 3882
- Joined: Thu Jan 28, 2016 7:00 pm UTC
- Location: 53-1
Re: IRC filtered, all other ports open
(Darnit, refreshed and wiped my response. Resummarising.)
Proxy gateway/NAT pre-emptively ACKing before it knows the true target's actual intention?
IDS (or even full Honeypot) being deliberately (mostly!) undiscriminating?
A listener daemon that is truly promiscuous?
Full-spectrum port spoofing to obfuscate and render ports-open profiling effectively useless?
As to the IRC (port 194 and/or 666x?), perhaps that's the single deliberately configured port, auto-rejecting requests outside of a preconfigured IP or subnet because it is expecting/already using that port as comms with a hardcoded remote machine?
That's just off the top of my head, some of those answers are a bit off the wall... But I don't think nmap does much more than get an ACK back... Maybe a bit of manual telnetting with some intelligent guessing as to the handshaking required can reveal more info. Or at least rule out some of the options.?
Proxy gateway/NAT pre-emptively ACKing before it knows the true target's actual intention?
IDS (or even full Honeypot) being deliberately (mostly!) undiscriminating?
A listener daemon that is truly promiscuous?
Full-spectrum port spoofing to obfuscate and render ports-open profiling effectively useless?
As to the IRC (port 194 and/or 666x?), perhaps that's the single deliberately configured port, auto-rejecting requests outside of a preconfigured IP or subnet because it is expecting/already using that port as comms with a hardcoded remote machine?
That's just off the top of my head, some of those answers are a bit off the wall... But I don't think nmap does much more than get an ACK back... Maybe a bit of manual telnetting with some intelligent guessing as to the handshaking required can reveal more info. Or at least rule out some of the options.?
Who is online
Users browsing this forum: No registered users and 5 guests