[SATLUG] Why are my ports 135, 139, and 445 open?

Don Davis dondavis at reglue.org
Sat Dec 26 09:25:40 CST 2009


There are two hops above me: 'foo' and an inconclusive * * * *.
Scanning 'foo' shows a few filtered ports, but none of the ports in 
question.
Is it acceptable to scan my subnet neighbors from the ISP to check?

Any thoughts on a free or close to free shell account that offers IPv6? 
Or are there recommendations on how to set up an IPv6 tunnel using a 
shell account? (I'd like to check the IPv6 from the outside as well, but 
my exterior shell account doesn't have IPv6.)

It is a good point - why did the ISP decide on REJECT instead of DROP?



Ernest De Leon wrote:
> Ah, so I didn't pay good attention to the first post from Don so I missed
> that he has a router with OpenWRT. With that caveat, remember that it
> doesn't matter what you have set on the laptop firewall, if you are using an
> external scanner such as ShieldsUp from GRC, it will report back what the
> router is REJECTing or DROPping.
> 
> Also, most ISPs do not block ports other than 25 [and maybe 80 inbound (to
> block web servers.)] If they did block these ports Don is talking about, I
> doubt they would REJECT the packets. They would most likely DROP the packets
> (see below.)
> 
> In general, you want to be as stealthy as possible when connected to the
> internet. This is why you DROP packets instead of REJECTing them. By
> REJECTing them, you give a response and thus prove that there is a machine
> at that particular IP. ISPs know this very well and if they filter ports at
> all, they usually DROP packets so as to avoid a possible DoS/DDoS against a
> particular subscriber IP.
> 
> I'm willing to bet that Don is trying to figure out why those port numbers
> are giving off responses at all rather than silently DROPping packets.
> 
> E
> 
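
The REJECT versus DROP distinction discussed in this thread, seen from the side that sends the connection attempt. This is an added example, not code from either poster; the names `interpret` and `probe` are hypothetical, and it assumes a Linux client checking a host you administer.

```python
import socket

# Verdicts for one TCP connect attempt, in the terms used in the thread.
OPEN = "open: handshake completed, a service is listening"
ANSWERED = "answered: RST or ICMP reject came back (closed port or REJECT rule)"
SILENT = "silent: no reply before timeout (DROP rule, or no host at that address)"


def interpret(error):
    """Map the outcome of connect() (None or the exception raised) to a verdict."""
    if error is None:
        return OPEN
    if isinstance(error, ConnectionRefusedError):
        # Linux reports a TCP RST and an ICMP port-unreachable both as
        # ECONNREFUSED, so a REJECT rule looks the same as a closed port here.
        return ANSWERED
    if isinstance(error, socket.timeout):
        return SILENT
    raise error  # unrelated failure (no route, DNS, ...): do not guess


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return interpret(None)
    except OSError as exc:
        return interpret(exc)
    finally:
        sock.close()


if __name__ == "__main__":
    # Loopback is used so the example runs offline; substitute your own address.
    for port in (135, 139, 445):
        print(port, probe("127.0.0.1", port, timeout=1.0))
```

An "answered" verdict is what an external scanner shows as closed, while "silent" is what it shows as filtered or stealth.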

