Question
What does the "filtered" status mean in an nmap report?
Answer
The most common cause for nmap to report filtered is a firewall block. Sometimes the filtered status can be returned if a network problem is preventing packets from arriving at the destination. In some rare cases, this state can also be reported if the individual service on the destination server is receiving packets, but is entirely failing to send any data back. By far the majority of the time, this due to a firewall block, so you should focus on confirming if that is the case first.
Please see this quote from the documentation:
Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically.
Comments
0 comments
Article is closed for comments.