[TriLUG] ports 179 and 1720

Mike Johnson mike at enoch.org
Mon Nov 17 19:07:59 EST 2003

Ryan Wheaton [ryan.wheaton at comcast.net] wrote:
> hey all,
> I've got a firewall built with RH9 (running the LVS kernel), and nmap 
> is showing the following ports to be open:
> 179/tcp filtered bgp
> 1720/tcp filtered H.323/Q.931

You're misreading this.  Because a port shows up as filtered does not
mean that it is open/has a listening service.  Those services may be
filtered upstream.  

You don't say where your hosts are.  Are you logged onto the firewall,
and running nmap from there?  Is your nmap system outside the firewall,
but one hop away?  Are you scanning from your system at home to the
firewall?  Through the firewall?  This information would help narrow
down exactly what you're seeing.

As an example, here's a portscan from my system at work, to a system on
a totally different network, that is behind a firewall:
(The 1655 ports scanned but not shown below are in state: closed)
80/tcp  open     http
139/tcp filtered netbios-ssn

The firewall isn't filtering port 139, the ISP is.  The system isn't
running anything on port 139.

So, there isn't necessarily something to be worried about.  Try
portscanning from somewhere else and you may see different results.

"If life hands you lemons, YOU BLOW THOSE LEMONS TO BITS WITH 

GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF  C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
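
Added example, not part of the original message: one way to act on the advice to scan from a second location is to diff the two nmap port tables and see which ports are reported filtered from only one vantage point. The function names and both sample scans are constructed for illustration.

```python
import re

# A row of nmap's normal-output port table, e.g. "179/tcp filtered bgp"
PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)")
# The summary line giving the state of every port that is not listed
DEFAULT_ROW = re.compile(r"not shown below are in state: (\w+)")

def parse_scan(text):
    """Return ({(port, proto): state}, default_state) from nmap normal output."""
    ports, default = {}, "closed"
    for line in text.splitlines():
        line = line.strip()
        row = PORT_ROW.match(line)
        if row:
            ports[(int(row.group(1)), row.group(2))] = row.group(3)
            continue
        hidden = DEFAULT_ROW.search(line)
        if hidden:
            default = hidden.group(1)
    return ports, default

def compare_vantages(scan_a, scan_b):
    """Classify each port by how its state differs between two vantage points."""
    (a, def_a), (b, def_b) = parse_scan(scan_a), parse_scan(scan_b)
    report = {}
    for key in sorted(set(a) | set(b)):
        sa, sb = a.get(key, def_a), b.get(key, def_b)
        if "open" in (sa, sb):
            verdict = "listening"                  # something answered the probe
        elif sa == sb == "filtered":
            verdict = "filtered on both paths"     # check the host's own rules next
        elif "filtered" in (sa, sb):
            verdict = "filtered on one path only"  # probes dropped for one vantage only
        else:
            verdict = "no listener"
        report[key] = (sa, sb, verdict)
    return report

# Constructed sample output (not taken from the thread).
REMOTE = """(The 1655 ports scanned but not shown below are in state: closed)
22/tcp   open     ssh
179/tcp  filtered bgp
1720/tcp filtered H.323/Q.931
"""
LOCAL = """(The 1656 ports scanned but not shown below are in state: closed)
22/tcp   open     ssh
"""

if __name__ == "__main__":
    for (port, proto), (sa, sb, verdict) in compare_vantages(REMOTE, LOCAL).items():
        print(f"{port}/{proto}: remote={sa} local={sb} -> {verdict}")
```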

