port scan externally reveals open port, from inside those ports are closed
port scanning the droplet internally (from the droplet) gives the expected
PORT STATE SERVICE 22/tcp open ssh 3128/tcp open squid-http
but scanning remote from the host shows a discrepancy:
PORT STATE SERVICE 22/tcp open ssh 113/tcp filtered ident 135/tcp filtered msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 593/tcp filtered http-rpc-epmap 3128/tcp open squid-http
and within the span of several seconds, even more ports are filtered
Not shown: 955 closed ports, 41 filtered ports PORT STATE SERVICE 22/tcp open ssh 139/tcp open netbios-ssn 445/tcp open microsoft-ds 3128/tcp open squid-http
I have two questions. First and foremost:
Why are ports 139 and 445 showing up as open when scanned externally? I tried commands like
fuser -v -n tcp 445 lsof -i netstat -a ps -ef | grep smbd
in efforts to find the elusive processes listening on these ports, to no avail. I don’t have mamba installed either. Could someone shed any light on this issue?
Why are certain ports being filtered when scanning the droplet externally from host? I have no iptables or firewall rules set in place. Is this DigitalOcean performing filtering at the router?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.