Is filtered port vs closed port?
Hello.
When I scan my system via Nmap, it tells me that some ports are filtered, and according to Google:
Thank you.
"No response" == the DROP target, which simply discards the packet. The alternative is the REJECT target, which sends an ICMP response indicating why the packet could not be delivered (default: icmp-port-unreachable). nmap will report such a port as "closed". For protocols like UDP which do not automatically acknowledge packets, nmap cannot reliably distinguish between "open" and "filtered" (there might be an application silently listening on that port).
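An added example (not code from any poster in this thread) that encodes nmap's documented -sS and -sU state tables in Python and applies them to constructed replies modelling the iptables targets named above; `Reply`, `nmap_state` and the target strings are my own names. It also makes one caveat visible: for a TCP SYN scan nmap reports an ICMP port-unreachable as "filtered" and only a RST (iptables `--reject-with tcp-reset`) as "closed", while for UDP it is the ICMP port-unreachable that yields "closed".

```python
from dataclasses import dataclass
from typing import Optional

ICMP_UNREACH_CODES = {1, 2, 3, 9, 10, 13}  # ICMP type-3 codes nmap's state tables recognise

@dataclass
class Reply:
    kind: str                        # "none", "tcp", "udp" or "icmp"
    tcp_flags: str = ""              # "SA" = SYN/ACK, "R" = RST
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None

def classify_tcp_syn(r: Reply) -> str:
    """State nmap -sS assigns to a probe that got reply r."""
    if r.kind == "tcp" and {"S", "A"} <= set(r.tcp_flags):
        return "open"
    if r.kind == "tcp" and "R" in r.tcp_flags:
        return "closed"
    return "filtered"  # ICMP unreachable (listed code) or no reply at all (DROP)

def classify_udp(r: Reply) -> str:
    """State nmap -sU assigns to a probe that got reply r."""
    if r.kind == "udp":
        return "open"
    if r.kind == "icmp" and r.icmp_type == 3:
        if r.icmp_code == 3:  # port unreachable: the kernel/REJECT says nothing listens
            return "closed"
        if r.icmp_code in ICMP_UNREACH_CODES:
            return "filtered"
    return "open|filtered"  # silence: DROP, or a listener that simply did not answer

# Constructed replies for the iptables targets discussed in the thread
REPLY_FOR_TARGET = {
    "DROP": Reply("none"),
    "REJECT --reject-with icmp-port-unreachable": Reply("icmp", icmp_type=3, icmp_code=3),
    "REJECT --reject-with tcp-reset": Reply("tcp", tcp_flags="R"),  # valid with -p tcp only
}

def nmap_state(proto: str, target: str, listening: bool = False) -> str:
    """What nmap prints for a port behind `target`; listening=True means a daemon is bound."""
    if target == "ACCEPT":
        if proto == "tcp":  # TCP stack answers SYN/ACK when bound, RST when not
            reply = Reply("tcp", tcp_flags="SA" if listening else "R")
        else:  # unbound UDP port gets ICMP port unreachable; a bound daemon is usually silent
            reply = Reply("none") if listening else Reply("icmp", icmp_type=3, icmp_code=3)
    elif target.endswith("tcp-reset") and proto != "tcp":
        raise ValueError("tcp-reset is only valid with -p tcp")
    else:
        reply = REPLY_FOR_TARGET[target]
    return classify_tcp_syn(reply) if proto == "tcp" else classify_udp(reply)
```

Calling `nmap_state("udp", "DROP")` gives "open|filtered", which is exactly the ambiguity the post above describes for UDP.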
UDP is a datagram protocol which provides no such niceties. You send a packet out into the gloom. You don't know if it arrived. You don't know the order in which it arrived, if it did. The packet will not be "replied to." If anyone hears you, they will send a packet back to you, not knowing if you heard them. This is what enables OpenVPN, with tls-auth, to literally remain undetectable by the outside world. There is no "open port" to scan, and the server will not respond to a connection request unless – in the initial packet – the supplicant demonstrates that it is in possession of a verifiable secret. Without it, the server drops the packet, and therefore no one can discover that it is even there. The doorway into your system is a secret door. |
Excuse me, my question is: how can I make a port "filtered" with iptables?
The word, "port," is often used colloquially where "socket" actually should have been used. A "port scan" actually looks for "open TCP/IP sockets" and therefore should be properly called a "socket scan." The TCP/IP protocol involves "opening a socket," then engaging in a two-way "conversation" over that socket, with guarantees of delivery and of packet-sequence. The UDP protocol has none of these: each message is a shot in the dark. It operates at a much lower level within the protocol stack. Mea culpa for using the wrong term also. |
https://en.wikipedia.org/wiki/Network_socket
Kindly remember the fundamental concept of "a networking stack," in which one layer of network-understanding is built upon another.
"UDP = Universal Datagram Protocol" is built upon the fundamental understanding of any radio operator: "that you tirelessly mash your fingers against a telegraph key, never knowing that anyone will actually hear you unless, and until, they respond." "TCP/IP," on the other hand, is "several stack-layers higher." By now, "the radio operators have written down their scribbles," and then several layers of higher-level underlings have also "done their thing," and what is left is "a bona-fide conversation."
Thus, it is defined in the service, not in iptables?