genode
Joined: 22 Feb 2006
Posts: 17
|
| Posted: Mon Feb 27, 2006 6:00 pm Post subject: what is microsoft-ds? |
|
|
Code: nmap -v -A li7-181.members.linode.com
In the output below, I see
445/tcp filtered microsoft-ds.
What is it? :?
Code:
Starting nmap 3.83.DC13 ( http://www.insecure.org/nmap/ ) at 2006-02-28 11:45 NZDT
Initiating Connect() Scan against li7-181.members.linode.com (64.62.231.181) [1667 ports] at 11:45
Discovered open port 22/tcp on 64.62.231.181
Increasing send delay for 64.62.231.181 from 0 to 5 due to max_successful_tryno increase to 4
Connect() Scan Timing: About 28.16% done; ETC: 11:47 (0:01:16 remaining)
Connect() Scan Timing: About 48.58% done; ETC: 11:49 (0:01:55 remaining)
The Connect() Scan took 162.16s to scan 1667 total ports.
Initiating service scan against 1 service on li7-181.members.linode.com (64.62.231.181) at 11:48
The service scan took 0.50s to scan 1 service on 1 host.
Host li7-181.members.linode.com (64.62.231.181) appears to be up ... good.
Interesting ports on li7-181.members.linode.com (64.62.231.181):
(The 1665 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.9p1 (protocol 2.0)
445/tcp filtered microsoft-ds
Nmap finished: 1 IP address (1 host up) scanned in 163.782 seconds
thanks
genode |
|
|
taupehat
Joined: 01 May 2005
Posts: 31
|
| Posted: Mon Feb 27, 2006 6:08 pm Post subject: |
|
|
It's a free port! I've seen some security-related distros use that as an alternative to 443 (https) before, which is a lot like what that would appear to be. It could also be the port the web application at linode.com connects to... or a monitoring port run by No Such Agency... the list of possibilities is endless. :?
I'm sure caker or mikegrb will be in shortly to set us all straight. |
|
|
Ciaran
Joined: 13 Feb 2004
Posts: 140
Location: England, UK
|
| Posted: Mon Feb 27, 2006 6:13 pm Post subject: |
|
|
My first thought was that port 445 was probably filtered by Linode, but it's not listed in http://www.linode.com/products/faq.cfm?id=25 ...
Port 445 is used by Windows for its Directory Services (hence "ds"), and there's no good reason at all to have it open on the Internet normally, even on a Linux box. It's a good thing it's filtered, but if Linode are filtering it I'm not sure how come it isn't on the list. |
|
|
genode
Joined: 22 Feb 2006
Posts: 17
|
| Posted: Mon Feb 27, 2006 6:20 pm Post subject: |
|
|
What does filtered mean exactly? Blocked, I'm assuming.
(sorry for the dumb question. I'll be seen crawling up the security admin learning curve over the next couple of days.) :)
thanks |
|
|
Ciaran
Joined: 13 Feb 2004
Posts: 140
Location: England, UK
|
| Posted: Tue Feb 28, 2006 1:03 pm Post subject: |
|
|
"Filtered" means that nmap didn't receive a response of any kind, not even to say that the port was closed. It's as if the server was switched off.
Technically it's a violation of the RFC spec (because the RFC states that if the computer's on then it must give a response) but the RFC was written without foreknowledge of the security issues that would arise today, so now everybody does it and it's generally regarded as a Good Thing all round. |
|
|
| |
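The open/closed/filtered distinction discussed in the thread, as an added example that is not part of the original posts: a connect()-style probe tells the three states apart by what comes back. The names `classify`, `probe` and `demo` and the loopback setup are constructed for illustration; treating ICMP unreachable errors as filtered mirrors how nmap reports them.

```python
import errno
import socket

def classify(err):
    """Map the outcome of a TCP connect() to the state a connect scan reports."""
    if err is None:
        return "open"        # handshake completed: something is listening
    if isinstance(err, ConnectionRefusedError):
        return "closed"      # host replied with RST: reachable, no listener
    if isinstance(err, (socket.timeout, TimeoutError)):
        return "filtered"    # no reply of any kind: the probe was dropped
    if isinstance(err, OSError) and err.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return "filtered"    # ICMP unreachable, usually sent by a filter
    raise err                # anything else is a local problem, not a state

def probe(host, port, timeout=2.0):
    """Attempt one full TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def demo():
    """Constructed loopback demo: one listening port, one port with no listener."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()            # nothing listens here now, so the kernel sends RST

    try:
        return {
            "listening port": probe("127.0.0.1", open_port),
            "port with no listener": probe("127.0.0.1", closed_port),
            # A dropped probe cannot be produced on loopback, so the timeout
            # a scanner would see is simulated here.
            "no reply (simulated)": classify(TimeoutError("timed out")),
        }
    finally:
        listener.close()

if __name__ == "__main__":
    for case, state in demo().items():
        print(f"{case:24} -> {state}")
```

A firewall rule that drops packets produces the third outcome, while one that rejects with a TCP reset makes the port look closed instead.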