RE: nmap showing port 21 (ftp) open, but port is actually closed

From: Andre Protas (aprotas@eeye.com)
Date: Mon Sep 12 2005 - 20:26:09 EDT


Is it 'closed' or firewalled? A firewalled port will show as filtered
since it will not receive the response reporting that it is closed.
Therefore, it cannot be distinguished between open/filtered.

 
Signed,

Andre Derek Protas
Security Researcher
eEye Digital Security
aprotas eeye com

-----Original Message-----
From: Steve.Cummings@barclayscapital.com
[mailto:Steve.Cummings@barclayscapital.com]
Sent: Monday, September 12, 2005 10:07 AM
To: wangchunying@snda.com; sopiaz57@gmail.com
Cc: pen-test@securityfocus.com
Subject: Re: nmap showing port 21 (ftp) open, but port is actually
closed

Try using a different version have seen this in wintel versions

Do you have a different tool that you could use
 

-----Original Message-----
From: cy.wang <wangchunying@snda.com>
To: sopiaz57@gmail.com <sopiaz57@gmail.com>
CC: pen-test@securityfocus.com <pen-test@securityfocus.com>
Sent: Mon Sep 12 10:19:45 2005
Subject: Re: nmap showing port 21 (ftp) open, but port is actually
closed

can you telnet to its port 21 ? maybe it's an open port not for FTP
service .
or , nmap possibly got fooled by some msg that ids/firewall returned

Regards,

c.y. wang
security analysis engineer
Shanda Interactive Entertainment Co. Ltd, Shanghai, China.
Phone: +86-21-50504740-5046
Email: wangchunying@snda.com
  
----- Original Message -----
From: "Mike Jones" <sopiaz57@gmail.com>
To: <pen-test@securityfocus.com>
Sent: Friday, September 09, 2005 9:47 PM
Subject: nmap showing port 21 (ftp) open, but port is actually closed

> Has anyone ever seen this before, nmap is showing port 21 to be open
on > a machine on the internet, but 21 is not listening on that machine.
It > happens to all machines I scan outside the local area network.
>
> Thanks in advance
>
>
------------------------------------------------------------------------
------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on
your > website. Up to 75% of cyber attacks are launched on shopping
carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down
servers are
> futile against web application hacking. Check your website for
vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
>
------------------------------------------------------------------------
-------
>
>
>

------------------------------------------------------------------------
For more information about Barclays Capital, please
visit our web site at http://www.barcap.com.

Internet communications are not secure and therefore the Barclays
Group does not accept legal responsibility for the contents of this
message. Although the Barclays Group operates anti-virus programmes,
it does not accept responsibility for any damage whatsoever that is
caused by viruses being passed. Any views or opinions presented are
solely those of the author and do not necessarily represent those of the

Barclays Group. Replies to this email may be monitored by the Barclays
Group for operational or business reasons.

------------------------------------------------------------------------

------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on
your
website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:53 EDT