Port scanning and blocking ports

Unanswered Question
Nov 10th, 2005
User Badges:

Question:

There is a PC behind a cable modem. The cable modem is "blocking" port 161 snmp. I know this because it defines that in teh cable modem config file from the ISP. But, when I port scan the PC from the internet, my scanner reports that port 161 is OPEN. So, is it possible that port 161 traffic is blocked but the port scanner uses some other mechanism to see that 161 is open on the PC? I'm confused.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jackko Thu, 11/10/2005 - 16:33
User Badges:
  • Gold, 750 points or more

just couple quick thoughts.


cable modem is blocking udp 161. it might only means blocking itself, i.e. no one call poll snmp data from the cable modem.


wondering how would you port scan from the internet to a pc. does it mean there is a 1-to-1 nat for the pc?

b.withrow Fri, 11/11/2005 - 07:43
User Badges:

Thanks for the reply.


In the cable modem config file (from ISP) there is a line that says to block port 161. When trying to SNMP walk the PC behind the cable modem I could not get a response, but upon port scanning the PC I could see port 161 open. Now the cable modem file has been modified to allow 161 I can walk the MIB on the remote PC. I say PC as a generice term, I really mean wireless router. SORRY.


So, when I portscan something and the program sees port 161 as "available" on a remote system, it must see it's opne but doesn't really use port 161 to verify that. Is that a safe assumption?

mheusinger Sat, 01/28/2006 - 06:14
User Badges:
  • Green, 3000 points or more

Hello,


scanning UDP ports is tricky as there is NO response to a UDP packet, when:

A. the packet is dropped because of a firewall

B. The port is open.


Some scanners are misleading in their results (sometimes because the security solution of the scanning site will be offered to solve the problems).


Hope this helps! Please rate all posts.


Regards, Martin

Actions

This Discussion