Hello. I'm trying to figure out which ports Cox blocks and which are open using nmap. I did "nmap x.x.x.x" where x.x.x.x is the ip I got from whatismyip.com. It reports that every port is closed except 23 (filtered), 80 (open), 161 (filtered) which explains why I couldn't login from the outside with ssh (not sure if I setup port forwarding on my router correctly though).

However, when I called Cox, they said port 22, 23 are open and 80 is closed. Who's right?

Hi,

From my experience (which is _very_ far from beeing either long or all-inclusive) nmap wouldn't "mistake" itself, unless it is fooled by an IDS... in which case I guess he wouldn't have seen the others ports (80, 161...).

However, when using nmap through a WAN, you may not be sure about what you're testing: does your firewall accepts all outbound packets, even strange ones? Does your ISP accept all kind of data? Isn't there another firewall somewhere inbetween?
Using nmap, or nessus, or others, you test the whole chain between you and the target. I wanted to do Nessus tests for customers from my company... I finished performing them from home since I was testing my company's firewalls and not at all the customer's servers...

So maybe the ssh port is open, and your filtered before attacking it, but I don't think that nmap would have missed it...