Question
port scan externally reveals open port, from inside those ports are closed
port scanning the droplet internally (from the droplet) gives the expected
PORT STATE SERVICE
22/tcp open ssh
3128/tcp open squid-http
but scanning remote from the host shows a discrepancy:
PORT STATE SERVICE
22/tcp open ssh
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
593/tcp filtered http-rpc-epmap
3128/tcp open squid-http
and within the span of several seconds, even more ports are filtered
Not shown: 955 closed ports, 41 filtered ports
PORT STATE SERVICE
22/tcp open ssh
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3128/tcp open squid-http
I have two questions. First and foremost:
Why are ports 139 and 445 showing up as open when scanned externally? I tried commands like
fuser -v -n tcp 445 lsof -i netstat -a ps -ef | grep smbd
in efforts to find the elusive processes listening on these ports, to no avail. I don’t have mamba installed either. Could someone shed any light on this issue?
Why are certain ports being filtered when scanning the droplet externally from host? I have no iptables or firewall rules set in place. Is this DigitalOcean performing filtering at the router?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×