Unexpected Ports Opened

November 11, 2013 6.1k views
icpep.org
By:
icpep.org
I was wondering why the following ports are open on my VM? 135/tcp filtered msrpc 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 4444/tcp filtered krb524 12345/tcp filtered netbus
Log In to Comment
6 Answers
digitalocean184381 November 11, 2013
That is most likely because you have samba running.
Reply
icpep.org November 11, 2013
actually I don't have any process running smb or nmbd. I also checked listening ports but did not find any.
Reply
digitalocean184381 November 11, 2013
Use lsof to find the process(es) that has the ports open;

# lsof -i TCP:135

You may need to install lsof (list open files)
Reply
pablo November 11, 2013
DigitalOcean does not install a firewall by default. If you want to close those ports, check out How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server.
How To Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server
by Shaun Lewis
Learn how to setup a firewall with UFW on an Ubuntu / Debian cloud server.
Reply
icpep.org November 11, 2013
It's kind of weird why such ports appear when I try to scan my VM. I just dropped everything from these ports to be sure.
Reply
doug16k October 16, 2015

"Filtered" means, aggressively blocked, no reply at all from probe.

From the nmap man page:

<^>Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information.
<^>

Reply
Have another answer? Share your knowledge.