Closed vs. Filtered ports
Someone may correct me on specifics... as nit-picky as I can be, I'm not always that great on exact wording... that said:
As far as I understand it, 'Closed' and 'Filtered' aren't really directly related...
Closed means that no daemon/service is configured to respond on the port in question on a specific host.
Filtered means that there is a firewall somewhere which is 'intercepting' and dropping communications for a port. Actually, you don't so much filter a PORT as you filter datagrams based on whatever the rules are... and it's entirely possible that the 'rules' can be "drop all packets for this port" or "drop all packets EXCEPT those for this port"
The reason I say they aren't necessarily directly related is this: It's entirely possible for a port to be OPEN, yet filtered. In fact, that's one of the greatest reasons to have a firewall in the first place: To enable a service (such as file sharing) to be available on your private network, but to have connections from outside to that service 'filtered' such that they do not get through.
Or.. umm.. something like that!
So, to answer your last question: If ALL of the ports are truly closed, then it would seem there isn't really a need for them to be filtered, too... but.. there's just a little more, because I mentioned a THIRD possibility above: Dropped.
When a port is 'closed', say port 80, and I try to connect to a computer on that port, the computer in question usually sends back an instant reply saying, "Hey, I don't have any service running on that port!" That's the normal behavior on a 'closed' port.
When communications to that port are "filtered" or "dropped", though... that "there's nothing here" response never gets sent. This is usually what some online tests mean when they say a port is 'stealthed', and it is a little better than simply being 'closed', because it forces a port scan to wait for a timeout before it can declare the port responding or not.
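To see the three outcomes the post describes from a scanner's point of view, here is an added example (not part of the original post or any particular scanner's code) that does what a plain TCP connect scan does: it attempts connect() and maps the result to open, closed or filtered. It runs offline against a throwaway listener on 127.0.0.1; the "open" and "closed" cases are produced live (a completed handshake versus the RST that comes back as ConnectionRefusedError), while the "filtered" case, which needs a firewall dropping the SYN, is exercised by handing the classifier the timeout condition directly. The names probe, classify and demo_loopback are this example's own.

```python
"""Classify a TCP port as open / closed / filtered the way a connect() scan does.

Added example, not from the original post. Standard library only; the listener
on 127.0.0.1 is created here so the script runs offline.
"""
import socket
import time

OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def classify(exc):
    """Map the outcome of connect() to the scanner's port state.

    None                   -> handshake completed, a service accepted (open)
    ConnectionRefusedError -> host answered with RST, nothing listening (closed)
    TimeoutError           -> no answer at all, something dropped the SYN (filtered)
    Any other OSError (e.g. an ICMP unreachable surfacing locally) also means
    no RST came back, so it is reported as filtered as well.
    """
    if exc is None:
        return OPEN
    if isinstance(exc, ConnectionRefusedError):
        return CLOSED
    return FILTERED


def probe(host, port, timeout=2.0):
    """One TCP connect probe. Returns (state, seconds_waited)."""
    start = time.monotonic()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)   # a filtered port costs the scanner this whole wait
    try:
        s.connect((host, port))
        err = None
    except OSError as e:    # ConnectionRefusedError and TimeoutError are OSErrors
        err = e
    finally:
        s.close()
    return classify(err), time.monotonic() - start


def demo_loopback():
    """Open a throwaway listener, probe it, close it, probe the same port again.

    Returns ({'open': (state, secs), 'closed': (state, secs)}, port). Both
    answers arrive in milliseconds: neither an open nor a closed port makes the
    scanner wait out its timeout, which is exactly what a dropped SYN does.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    results = {}
    try:
        results["open"] = probe("127.0.0.1", port)
    finally:
        listener.close()
    # Same port, listener gone: the kernel now answers the SYN with RST.
    results["closed"] = probe("127.0.0.1", port)
    return results, port


if __name__ == "__main__":
    res, port = demo_loopback()
    for label, (state, secs) in res.items():
        print(f"expected {label:7s} got {state:8s} in {secs * 1000:.1f} ms (port {port})")
    print("no reply before timeout ->", classify(TimeoutError()))
```

Run it as a script and the open and closed probes both return in well under a second; point probe() at a host whose firewall silently drops the packet and the same call blocks for the full timeout before returning "filtered", which is the delay the post refers to when it says a "stealthed" port forces the scanner to wait.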