Weird Port scanning results using nmap

user994535 asked:

I was scanning one of my friends servers using nmap and got these port details.

22/tcp    open     ssh
42/tcp    filtered nameserver
80/tcp    open     http
111/tcp   open     rpcbind
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
161/tcp   filtered snmp
179/tcp   filtered bgp
443/tcp   open     https
1028/tcp  filtered unknown
1080/tcp  filtered socks 
3128/tcp  filtered squid-http
6666/tcp  filtered irc
6667/tcp  filtered irc
6668/tcp  filtered irc
7402/tcp  open     unknown
10082/tcp open     amandaidx

And when I logged into the machine using SSh and scanned it again using nmap, I got the following result

22/tcp    open  ssh
25/tcp    open  smtp
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
631/tcp   open  ipp
7402/tcp  open  rtps-dd-mt
10082/tcp open  amandaidx

Why question is why is it showing IRC ports and Squid Ports on the first scan? We don’t have anything installed in it. Its a dedicated box and not running on VM. Is there any possibility that it might have been compromised? It doesn’t have any IPtables on it too.

My answer:

These ports are most likely being filtered by your friend’s Internet Service Provider.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.