cancel
Showing results for 
Search instead for 
Did you mean: 

nmap shows ports 135, 139, 445 as 'filtered' on WAN

stuffit
Dabbler
Posts: 13
Registered: 10-07-2013

nmap shows ports 135, 139, 445 as 'filtered' on WAN

I performed a port scan of my router's WAN connection earlier, expecting to see just port 22 (SSH) open, as configured by me. In actual fact, using nmap from an external connection not on Plusnet's network, I see ports 135, 139 and 445 are all reported as 'filtered', as reported by nmap.

PORT    STATE    SERVICE
22/tcp  open    ssh
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds

I double checked my router's firewall settings and these ports are definitely not open in any way at the router (apart from SSH, as mentioned above). I then scanned a friend's (and fellow Plusnet customer) router and see the same.
Is this caused by some Plusnet firewalling at the Plusnet network level? I have read elsewhere that some ISPs block these ports because of misuse / abuse.
Just to clarify, I don't want these ports open and it's not a problem to me if Plusnet want to filter these at the network level. I would just like to know the cause of them showing up at all.
Oh, and I did check the firewall settings in my Plusnet Portal settings. The firewall is turned off for my account.
2 REPLIES
dragon2611
Grafter
Posts: 283
Registered: 20-10-2013

Re: nmap shows ports 135, 139, 445 as 'filtered' on WAN

Can you confirm the nmap options you are using.
When I scan from an untrusted host it just tells me all scanned ports are filtered (Which I'd expect as my default rule is to drop)
stuffit
Dabbler
Posts: 13
Registered: 10-07-2013

Re: nmap shows ports 135, 139, 445 as 'filtered' on WAN

Quote from: dragon2611
Can you confirm the nmap options you are using.

The issue showed itself when using nmap without any optional arguments, basically just 'nmap myaccount.plus.com'.
However, after your reply, I tested again and this time from another ISP (my first test was from a friend's Virgin Media connection) and now I see just the SSH port open as I'd expect. I feel bit of a fool for not thinking about this earlier but it seems the 'filtered' status for ports 135, 139 and 445 were actually down to Virgin's network, not Plusnet's. A quick Google search immediately turns up results confirming that Virgin are blocking these ports. A schoolboy error on my part!
Thanks for your reply though, it made me look at it again with my brain turned on this time. Smiley