I was wondering why the following ports are open on my VM?
135/tcp filtered msrpc 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 4444/tcp filtered krb524 12345/tcp filtered netbus
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Click below to sign up and get $100 of credit to try our products over 60 days!
“Filtered” means, aggressively blocked, no reply at all from probe.
From the nmap man page:
Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information.
It’s kind of weird why such ports appear when I try to scan my VM. I just dropped everything from these ports to be sure.
DigitalOcean does <b>not</b> install a firewall by default. If you want to close those ports, check out <a href=“https://www.digitalocean.com/community/articles/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server”>How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server</a>.
Use lsof to find the process(es) that has the ports open; <br> <br># lsof -i TCP:135 <br> <br>You may need to install lsof (list open files)
actually I don’t have any process running smb or nmbd. I also checked listening ports but did not find any.
That is most likely because you have samba running.