Verizon FIOS filtering?

• Previous message (by thread): Verizon FIOS filtering?
• Next message (by thread): [c-nsp] DNS amplification
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Are you sure the edu isn't triggering any sort of filtering on host that do scanning?

Harry Hoffman <hhoffman at ip-solutions.net> wrote:

>Hi All,
>
>Sorry, got pulled away on other projects. No, still trying to figure
>out
>what's going on. This is traffic originating from FIOS's network.
>
>I have a host located in a .edu that is configured to send back icmp
>host prohibited replies for connections that aren't specifically
>allowed
>in the host based firewall.
>
>The .edu border routers filter very little (standard MS ports
>135,137,139,445 udp/tcp).
>
>I can ssh from my verizon fios router (a linux box) to my .edu host
>(also a linux box).
>
>If I run nmap -sT -Pn <.edu host> I'll get back different results of
>what ports are filtered. I assume that this is a result of what nmap
>decides to cache when it receives the ICMP messages.
>
>Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:53 EDT
>Nmap scan report for some.host.edu (123.45.67.89)
>Host is up (0.028s latency).
>Not shown: 999 closed ports
>PORT   STATE    SERVICE
>23/tcp filtered telnet
>
>Nmap done: 1 IP address (1 host up) scanned in 3.78 seconds
>[hhoffman at firefly ~]$ nmap -Pn -sT some.host.edu
>
>Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:53 EDT
>Nmap scan report for some.host.edu (123.45.67.89)
>Host is up (0.034s latency).
>Not shown: 998 closed ports
>PORT    STATE    SERVICE
>21/tcp  filtered ftp
>199/tcp filtered smux
>
>Nmap done: 1 IP address (1 host up) scanned in 20.43 seconds
>[harryh at firefly ~]$ nmap -Pn -sT some.host.edu
>
>Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:56 EDT
>Nmap scan report for some.host.edu (123.45.67.89)
>Host is up (0.078s latency).
>Not shown: 996 closed ports
>PORT     STATE    SERVICE
>21/tcp   filtered ftp
>111/tcp  filtered rpcbind
>256/tcp  filtered fw1-secureremote
>3389/tcp filtered ms-wbt-server
>
>Nmap done: 1 IP address (1 host up) scanned in 2.52 seconds
>[hhoffman at firefly ~]$ nmap -Pn -sT some.host.edu
>
>Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:56 EDT
>Nmap scan report for some.host.edu (123.45.67.89)
>Host is up (0.030s latency).
>All 1000 scanned ports on some.host.edu (123.45.67.89) are closed
>
>For a short period of time after the scans commence I'm not able to
>connect from my FIOS host to my .edu host on tcp/22, a port that is
>specifically allowed in the .edu host's firewall rules.
>
>There is no software on either end that would perform any tarpit-like
>functionality.
>
>Cheers,
>Harry
>
>
>
>On 03/18/2013 08:50 AM, joseph.snyder at gmail.com wrote:
>> Did you ever resolve this?
>> 
>> Harry Hoffman <hhoffman at ip-solutions.net> wrote:
>> 
>>> Hi All,
>>>
>>> Does anyone know if Verizon automatically performs network filtering
>in
>>> response to scanning behavior?
>>>
>>> I'm having some weird connectivity issues to a host and trying to
>>> figure
>>> out why.
>>>
>>> Cheers,
>>> Harry
>> 

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

• Previous message (by thread): Verizon FIOS filtering?
• Next message (by thread): [c-nsp] DNS amplification
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]