Filtered Ports??? 1

[braddds]

When I conduct a port scan of my home network from outside I get a high number of filtered ports. First, what does a "filtered port" mean. Second, is this a concern from a security point of view or is this normal. Third,should I be doing something to ensure that these read as closed instead of filtered. My current setup is behind a linksys router and I run firewalls on each pc in the network.

Also, when I run a "netstat -an" on my win2k pc it shows the following ports as "listening": 21, 135, 445, 1025 and 1026. I understand the 21 as I have a personal ftp site for work and home access (lots of safeguards here so no problem) and I'm aware of the 135 and 445 are potential threats, so I blocked them in the firewall but the 1025 - 26 I haven't a clue. Any help!? Cheers

Thx to all who respond

 

[vesselescape]

go to :

http://lists.gpick.com/portlist/portlist.htm

for a list of ports and processes as well as known exploits

 

[wreave]

Port scans will tell you that the response was "open," "closed" or "filtered." A "filtered port" result is good: it means that the open-port request sent by the port scan got no reply - the request went into a black hole. A "closed port" response is not as good: that response means that the request got back a "No," which verifies the existence of the port.

As to the listening on ports 1025 and 1026 - I have long been curious about those ports myself. In my case, one thing I know for sure is that whatever services are listening are associated with the Win 2K MS OS. On a clean install of the OS, after a complete hard drive format, and before anything else is loaded (no programs, no service packs, nothing but the OS), and without a network connection, netstat tells me that there is listening on TCP ports 1025, 1026 and 1027.

I have read that port 1025 is associated with a service called network blackjack, but I've never found a definitive opinion on whether that's actually the service running and, if so, what it is doing.

So it doesn't sound like you've got anything out of the ordinary going on. (I'd still like to know what's using those ports, though.)

Wreave

 

[braddds]

Ok so now I've seen this, am I to assume that I may have "trojans or spyware" on this pc, ie:

1025 TCP (network blackjack) Fraggle Rock, md5 Backdoor, NetSpy, Remote Storm

Above is the listing for port "1025" since this port is "listening". Does that mean it is one of these (Fraggle Rock, md5 Backdoor, NetSpy, Remote Storm) and if so, what should I do about it!? As I've said I've already blocked the TCP/UDP in\out priviledges for this port. But how do I determine which (if any) are causing this port to be "listening"? Cheers

Thx to all who respond

 

[braddds]

thx wreave

That answers alot of questions! I wonder if blocking these ports will cause the OS any problems? I guess I'll find out, as I've blocked these ports. Anyways I know that my ftp site is still up and running which is what I really care about.

One question, if filtered is better how do I get the closed ports to operate in "filtered" mode...this is for curiousity only, as I have an open port 21. Cheers

Thx to all who respond

 

[wreave]

braddds - just discovered (finally) the listener on my port 1025: mstask.exe, the Windows Task Scheduler. If you're using Win2k pro boxes, I bet its the same for your system.

If you don't need it, change the startup type of the Task Scheduler service from automatic to manual, then stop it.

You might be interested in a thread in a different forum: MIS/IT, Network Associates: Sniffer, thread called "Network Blackjack Protocol."

Wreave