Unexpected Ports Opened

November 11, 2013 4.9k views
I was wondering why the following ports are open on my VM? 135/tcp filtered msrpc 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 4444/tcp filtered krb524 12345/tcp filtered netbus
6 Answers
That is most likely because you have samba running.
actually I don't have any process running smb or nmbd. I also checked listening ports but did not find any.
Use lsof to find the process(es) that has the ports open;

# lsof -i TCP:135

You may need to install lsof (list open files)
DigitalOcean does not install a firewall by default. If you want to close those ports, check out How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server.
by Shaun Lewis
Learn how to setup a firewall with UFW on an Ubuntu / Debian cloud server.
It's kind of weird why such ports appear when I try to scan my VM. I just dropped everything from these ports to be sure.

"Filtered" means, aggressively blocked, no reply at all from probe.

From the nmap man page:

<^>Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information.

Have another answer? Share your knowledge.