Question

Unexpected Ports Opened

  • Posted November 11, 2013

I was wondering why the following ports are open on my VM?

135/tcp filtered msrpc 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 4444/tcp filtered krb524 12345/tcp filtered netbus

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

“Filtered” means, aggressively blocked, no reply at all from probe.

From the nmap man page:

Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information.

It’s kind of weird why such ports appear when I try to scan my VM. I just dropped everything from these ports to be sure.

DigitalOcean does <b>not</b> install a firewall by default. If you want to close those ports, check out <a href=“https://www.digitalocean.com/community/articles/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server”>How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server</a>.

Use lsof to find the process(es) that has the ports open; <br> <br># lsof -i TCP:135 <br> <br>You may need to install lsof (list open files)

actually I don’t have any process running smb or nmbd. I also checked listening ports but did not find any.

That is most likely because you have samba running.