The following is the result of a scan for the host under my care.
So the ports that are here as "filtered" are the hosts that had been denied with the following rule sets.
(The 1532 ports scanned but not shown below are in state: closed)
Port State Service
12/tcp filtered unknown
22/tcp open ssh
25/tcp open smtp
80/tcp open http
192/tcp filtered osu-nms
1524/tcp filtered ingreslock
12345/tcp filtered NetBus
12346/tcp filtered NetBus
27665/tcp filtered Trinoo_Master
31337/tcp filtered Elit
So it showed up as "filtered". I tried that with a few ports and it all showed up as "filtered". What if I don't want them to show up as "filtered" when I scan but would also like to put in the chain to make sure I'm blocking them ??
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTDERNET 1524 -j DENY -l
Or is it that someone had already hacked and that leaving those port temporarily blocked??
What do you guys think??
I'm using "pmfirewall" BTW.