Question

Are ports 445 and 139 blocked on droplets at the DigitalOcean end?

Posted April 24, 2021 477 views
Networking, DigitalOcean Droplets

For example, when I do a port scan from my home computer to my droplet, I see the Windows file sharing related ports are blocked.

Including ports 139 and 445 that Samba uses.

(“filtered” means that a firewall is stopping any response, so it’s as good as closed. So even if I did have a service running on those ports, it wouldn’t be accessible)

I’m wondering if that blocking is happening at DigitalOcean’s end, or at my end. E.g. if it’s DigitalOcean’s ISP, or DigitalOcean. Or my ISP. Or my router blocking those outgoing connections.

C:\nmap>nmap -p134,135-139,140,141,440-450 159.89.181.235
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-25 00:38 GMT Daylight Time
Nmap scan report for 159.89.181.235
Host is up (0.083s latency).

PORT    STATE    SERVICE
134/tcp closed   ingres-net
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
140/tcp closed   emfis-data
141/tcp closed   emfis-cntl
440/tcp closed   sgcp
441/tcp closed   decvms-sysmgt
442/tcp closed   cvc_hostd
443/tcp closed   https
444/tcp closed   snpp
445/tcp filtered microsoft-ds
446/tcp closed   ddm-rdb
447/tcp closed   ddm-dfm
448/tcp closed   ddm-ssl
449/tcp closed   as-servermap
450/tcp closed   tserver

Nmap done: 1 IP address (1 host up) scanned in 2.06 seconds

C:\nmap>

1 answer

Hi @userdo,

Are you sure there is anything listening on the ports you’ve mentioned on your Droplet?

How ports work: even if you open a port, if there is nothing listening on it, it will appear as closed, just because there isn’t anything behind this port.

What you can do is, SSH to your droplet and type in the following command:

netstat -tulpen

Check what’s going on in there, do you see the mentioned ports listening to anything? If yes, see if you can whitelist your IP address and try to reach the port again. If there isn’t anything that is listening to the port, it will never work even if you whitelist the IP address.

  • Thanks, could you try this nmap port scan command as a test please. Running this nmap command from your “home” computer. So nmap goes through the internet and accesses your VM IP.

    Supposing you don’t have SAMBA running / don’t have anything running on port 445, so I wouldn’t expect you to get “open” listed.

    $ nmap -p134,135-139,140,141,440-450 YOUR_VM_IP

    Do you get “filtered” for port 445, or closed for port 445?

    • Here is the output of nmap on a newly created server:

      PORT    STATE    SERVICE
      134/tcp filtered ingres-net
      135/tcp filtered msrpc
      136/tcp filtered profile
      137/tcp filtered netbios-ns
      138/tcp filtered netbios-dgm
      139/tcp filtered netbios-ssn
      140/tcp filtered emfis-data
      141/tcp filtered emfis-cntl
      440/tcp filtered sgcp
      441/tcp filtered decvms-sysmgt
      442/tcp filtered cvc_hostd
      443/tcp open     https
      444/tcp filtered snpp
      445/tcp filtered microsoft-ds
      446/tcp filtered ddm-rdb
      447/tcp filtered ddm-dfm
      448/tcp filtered ddm-ssl
      449/tcp filtered as-servermap
      450/tcp filtered server
      
      • Thanks. Why is it I get a mixture of closed and filtered and you get no closed?

        (filtered means that regardless of whether a server is running or not on the machine at that port, there is something blocking access to that port e.g. a firewall, so filtered is ‘as good as’ closed from a security perspective, but it’s slightly different).

        When you are using a newly created VM, and I am using a newly created VM.

        https://www.youtube.com/watch?v=MfTUmpfIy_E

        Maybe it’s the type of droplet? If you create a droplet with the same options as me. Just the most basic droplet. Do you get the same mix of closed and filtered?

        • Hi @userdo,

          Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed. Closed ports have no application listening on them, though they could open up at any time.

          • I don’t know why you keep thinking that I don’t know what filtered means.

            You write that “Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed.” <-- You mean nmap doesn’t know if a service is running on the port. So it may be that more locally, it’s open, and it may be that more locally, it’s closed. If nmap tells you it’s filtered then it means that it’s not coming up as open, and it’s not coming up as closed, nmap is not in some state of doubt. From where nmap is scanning from, it’s not open (no doubts). nmap is saying it’s filtered.

            And as you said “Filtered means that a firewall, filter, or other network obstacle is blocking the port”. That’s what that means. We agree on that.

            It seems to me that your “newly created server”, has a firewall running on it by default. (or something blocking various ports such that nmap shows them as filtered).

            My newly created server, does not have a firewall or anything blocking those ports.

            Why is that?

            Maybe your server isn’t actually purely newly created and you started a firewall like ufw on it? (which would completely defeat the purpose of the test/question comparing nmap results).
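
The open / closed / filtered distinction debated in this thread, as an added example that is not part of any post above: a TCP connect probe reports "open" when the handshake completes, "closed" when a RST comes back, and "filtered" when nothing (or an ICMP unreachable) comes back. The function names and the localhost demo are constructed for illustration; nmap's default SYN scan works on raw packets and distinguishes more cases than this.

```python
import errno
import socket

# errno values produced when a device on the path answers with ICMP unreachable
UNREACHABLE = (errno.EHOSTUNREACH, errno.ENETUNREACH)


def state_from_error(exc):
    """Map the outcome of a TCP connect() to an nmap-style port state.

    exc is None when the three-way handshake completed.
    """
    if exc is None:
        return "open"        # SYN/ACK received: a service is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # RST received: host reachable, nothing listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"    # no reply at all: probe or reply dropped on the path
    if isinstance(exc, OSError) and exc.errno in UNREACHABLE:
        return "filtered"    # a firewall or router rejected the probe
    raise exc                # anything else (e.g. DNS failure) is not a port state


def probe(host, port, timeout=2.0):
    """Classify one TCP port on a host you administer."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return state_from_error(None)
    except OSError as exc:
        return state_from_error(exc)


def demo():
    """Constructed local demo: same port with and without a listener."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    with_listener = probe("127.0.0.1", port)
    srv.close()                       # listener gone, no firewall involved
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    print(demo())
```

A port only moves from "closed" to "open" by starting a listener on the host; a "filtered" port stays "filtered" whether or not a listener exists, because the reply never reaches the scanner.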