port scan externally reveals open port, from inside those ports are closed
port scanning the droplet internally (from the droplet) gives the expected
PORT STATE SERVICE 22/tcp open ssh 3128/tcp open squid-http
but scanning remote from the host shows a discrepancy:
PORT STATE SERVICE 22/tcp open ssh 113/tcp filtered ident 135/tcp filtered msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 593/tcp filtered http-rpc-epmap 3128/tcp open squid-http
and within the span of several seconds, even more ports are filtered
Not shown: 955 closed ports, 41 filtered ports PORT STATE SERVICE 22/tcp open ssh 139/tcp open netbios-ssn 445/tcp open microsoft-ds 3128/tcp open squid-http
I have two questions. First and foremost:
Why are ports 139 and 445 showing up as open when scanned externally? I tried commands like
fuser -v -n tcp 445 lsof -i netstat -a ps -ef | grep smbd
in efforts to find the elusive processes listening on these ports, to no avail. I don't have mamba installed either. Could someone shed any light on this issue?
Why are certain ports being filtered when scanning the droplet externally from host? I have no iptables or firewall rules set in place. Is this DigitalOcean performing filtering at the router?