Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
1. Ask yourself what "connecting to a box" means. What do you need server-side to be able to connect to a port? An open port. What is an open port? A port that allows receiving traffic. Why does it allow receiving traffic? Because server-side there is an application which is listening on that port. What if I have a daemon running and the port registers as closed? Then there's no daemon listening, or it's firewalled. What if I have a daemon running and the port registers as filtered? Then it's firewalled. If a port is open, but is marked as filtered in nmap, can I connect to it? No. Are there any other ways to still be able to connect to a filtered port? Try reading something that includes the phrase "trusted hosts".
I'd probably consider him the "security specialist" on LQ.org
and here is more information that'll probably give you the answer you're looking for:
Quote:
Open means that the target machine will accept connections on that port. Filtered means that a firewall, filter, or other network obstacle is covering the port and preventing nmap from determining whether the port is open. Unfiltered means that the port is known by nmap to be closed and no firewall/filter seems to be interfering with nmap's attempts to determine this. Unfiltered ports are the common case and are only shown when most of the scanned ports are in the filtered state.
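The outcomes in the nmap definitions quoted above, as an added example that is not part of any post in this thread: a TCP connect probe (the mechanism behind `nmap -sT`) that maps a completed handshake to open, a refused connection (RST) to closed, and silence or an ICMP unreachable error to filtered. The function names and the loopback demo are constructed for illustration.

```python
import errno
import socket

# ICMP "unreachable" replies surface from connect() as these errnos.
UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}

def classify_outcome(err):
    """Map a connect() result to a port state; err is None on success."""
    if err is None:
        return "open"       # handshake completed: something is listening
    if isinstance(err, ConnectionRefusedError):
        return "closed"     # RST came back: reachable, but no listener
    if isinstance(err, (socket.timeout, TimeoutError)):
        return "filtered"   # no answer at all: packets were dropped on the way
    if isinstance(err, OSError) and err.errno in UNREACHABLE:
        return "filtered"   # ICMP unreachable: nmap also reports this as filtered
    raise err               # anything else is a local problem, not a port state

def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and classify what happened."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return classify_outcome(None)
    except OSError as exc:
        return classify_outcome(exc)
    finally:
        sock.close()

def demo_loopback():
    """Constructed demo: one listening port and one bound-but-idle port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the kernel picks a free port
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))       # reserved, but never calls listen()
    try:
        return {
            "listening": probe("127.0.0.1", listener.getsockname()[1]),
            "not_listening": probe("127.0.0.1", idle.getsockname()[1]),
        }
    finally:
        listener.close()
        idle.close()

if __name__ == "__main__":
    print(demo_loopback())
```

The filtered case cannot be reproduced on loopback without a firewall rule, so the demo exercises only open and closed; a probe against a port behind a DROP rule returns "filtered" after the timeout expires.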
Cool. I know you can't connect to closed or filtered; I was just wondering the diff. Closed is sort of like inactive? As in it's open but nothing listening so it's closed. Filtered is just the firewall dropping.
If you try to connect to a filtered port, the port will reply with a message saying "go away... this machine does not accept connections on this port".
But if you try to connect to a closed port, you get no reply, as if the machine is not turned on.
Closed is generally more secure, because you appear to be offline, and the response a filtered port gives can be used to determine info about the machine.
However, closed ports can be annoying, because with a filtered port, you will instantly know that the connection has failed, but with closed, you have to wait for a TCP timeout, which can take a while.