Unexpected Ports Opened

November 11, 2013 7.2k views
I was wondering why the following ports are open on my VM? 135/tcp filtered msrpc 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 4444/tcp filtered krb524 12345/tcp filtered netbus
6 Answers
That is most likely because you have samba running.
actually I don't have any process running smb or nmbd. I also checked listening ports but did not find any.
Use lsof to find the process(es) that has the ports open;

# lsof -i TCP:135

You may need to install lsof (list open files)
DigitalOcean does not install a firewall by default. If you want to close those ports, check out How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server.
by Shaun Lewis
Learn how to setup a firewall with UFW on an Ubuntu / Debian cloud server.
It's kind of weird why such ports appear when I try to scan my VM. I just dropped everything from these ports to be sure.

“Filtered” means, aggressively blocked, no reply at all from probe.

From the nmap man page:

<^>Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information.

Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!