Are you sure the edu isn't triggering any sort of filtering on host that do scanning? Harry Hoffman <hhoffman@ip-solutions.net> wrote:
Hi All,
Sorry, got pulled away on other projects. No, still trying to figure out what's going on. This is traffic originating from FIOS's network.
I have a host located in a .edu that is configured to send back icmp host prohibited replies for connections that aren't specifically allowed in the host based firewall.
The .edu border routers filter very little (standard MS ports 135,137,139,445 udp/tcp).
I can ssh from my verizon fios router (a linux box) to my .edu host (also a linux box).
If I run nmap -sT -Pn <.edu host> I'll get back different results of what ports are filtered. I assume that this is a result of what nmap decides to cache when it receives the ICMP messages.
Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:53 EDT Nmap scan report for some.host.edu (123.45.67.89) Host is up (0.028s latency). Not shown: 999 closed ports PORT STATE SERVICE 23/tcp filtered telnet
Nmap done: 1 IP address (1 host up) scanned in 3.78 seconds [hhoffman@firefly ~]$ nmap -Pn -sT some.host.edu
Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:53 EDT Nmap scan report for some.host.edu (123.45.67.89) Host is up (0.034s latency). Not shown: 998 closed ports PORT STATE SERVICE 21/tcp filtered ftp 199/tcp filtered smux
Nmap done: 1 IP address (1 host up) scanned in 20.43 seconds [harryh@firefly ~]$ nmap -Pn -sT some.host.edu
Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:56 EDT Nmap scan report for some.host.edu (123.45.67.89) Host is up (0.078s latency). Not shown: 996 closed ports PORT STATE SERVICE 21/tcp filtered ftp 111/tcp filtered rpcbind 256/tcp filtered fw1-secureremote 3389/tcp filtered ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 2.52 seconds [hhoffman@firefly ~]$ nmap -Pn -sT some.host.edu
Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:56 EDT Nmap scan report for some.host.edu (123.45.67.89) Host is up (0.030s latency). All 1000 scanned ports on some.host.edu (123.45.67.89) are closed
For a short period of time after the scans commence I'm not able to connect from my FIOS host to my .edu host on tcp/22, a port that is specifically allowed in the .edu host's firewall rules.
There is no software on either end that would perform any tarpit-like functionality.
Cheers, Harry
On 03/18/2013 08:50 AM, joseph.snyder@gmail.com wrote:
Did you ever resolve this?
Harry Hoffman <hhoffman@ip-solutions.net> wrote:
Hi All,
Does anyone know if Verizon automatically performs network filtering in response to scanning behavior?
I'm having some weird connectivity issues to a host and trying to figure out why.
Cheers, Harry
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.