When is a port considered to be closed?

  1. #1
    Member
    Join Date
    Aug 2004
    Posts
    95

    When is a port considered to be closed?

    Hi

    I have a question, and I strongly believe people here can explain this.

    When is a port considered to be closed?

    a) If the OS is specifically configured to block it.
    b) When no service is running on the port.

    Please share your thoughts.

    Anban

  2. #2
    Banned
    Join Date
    May 2005
    Posts
    173
    B

    The end...

  3. #3
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    Not always true, TheSpecialist. What about inetd? Telnet, for example, doesn't run on port 23 until someone attempts to connect to your system on port 23. Then (assuming inetd is running) inetd checks the /etc/services file to see which port you have telnet configured on, and starts the service on that port. There isn't anything running on port 23 until someone attempts a connection on that port, right?

    Perhaps I'm just splitting hairs.

    Anyway, anban, to declare a port completely closed, I would turn off inetd, comment out any services you're not using in the /etc/services file on that port, and call it a day.
    /* You are not expected to understand this. */

  4. #4
    Banned
    Join Date
    Jul 2005
    Posts
    511
    I think the word 'closed' is a bit poorly chosen. It's not a door that you can open and close all the time. A port just has different states. Either it is disconnected, it is listening or it is connected. Those should be better definitions to use with ports, in my opinion...
    If an OS is blocking a port, it is blocked, basically. The OS basically connects to it so no other form of communication can be done with it.
    And what kind of state is listening? Simple. For all communications you will need two sides to take part in it. One side that 'opens' the port and then starts to listen for incoming messages and the other side that 'links' to this open port to start the communications. As long as one side is connected to a port, it can't do much with it except listening until something makes a connection with it. You could call this 'open' because when a connection is made, the port will be closed for other processes for the duration of this communication...

    Don't get too confused about definitions of words. There tend to be plenty of different definitions for these kinds of things. Just understand the logic behind it, which is more important when you need to use it.

  5. #5
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    A port is considered closed when the client sends a SYN and receives a FIN or a RST in response.
    A port is considered blocked when the client sends a SYN and receives no response.
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  6. #6
    Banned
    Join Date
    Jul 2005
    Posts
    511
    Hmmm. I suddenly realise that there might be a bit of confusion about the kind of port we're talking about here. Obviously not about those where ships get in and out.
    But do we talk about a serial port here? Parallel port? USB port? Or a TCP/IP port? Space port?

    You can also drink port, apparently. It's a bit ambiguous. But a good description of computer ports is available at http://en.wikipedia.org/wiki/Port_%28computing%29 if you're interested.

    But basically, a port can be closed because the port master doesn't allow any ships to enter or leave, or a port is closed because a ship sank in it and is blocking the entrance. (In which case you can also call it blocked.) It's all about traffic anyways...

  7. #7
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Generally closed ports will send an RST/ACK in response to unwanted TCP traffic, not a FIN. And ICMP port unreachable is sent for UDP.

    Blocked will generally drop the traffic or have an ICMP response from the local router... something along the lines of admin prohibited.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X
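
The closed/blocked distinction from posts #5 and #7, as an added example that is not part of the original thread: a single TCP connect attempt classified by what comes back. The function names and the loopback test sockets are constructed for this illustration; run it only against hosts you administer.

```python
import errno
import socket

# errno values commonly seen when an ICMP "unreachable" message comes back
# instead of a TCP reply (assumption: typical Linux/BSD socket behaviour).
ICMP_UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def state_from_result(exc):
    """Map the outcome of a TCP connect() to open / closed / filtered."""
    if exc is None:
        return "open"        # SYN answered with SYN/ACK: something is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # SYN answered with RST: host reachable, no listener
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"    # SYN silently dropped: no response at all
    if isinstance(exc, OSError) and exc.errno in ICMP_UNREACHABLE:
        return "filtered"    # a router or firewall answered with ICMP
    raise exc                # anything else is not a port state


def classify_tcp_port(host, port, timeout=2.0):
    """Attempt one full TCP connect and classify the port from the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return state_from_result(None)
    except OSError as exc:
        return state_from_result(exc)


def loopback_demo():
    """Constructed case on 127.0.0.1: one listener, one bound-only socket."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    bound_only = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        bound_only.bind(("127.0.0.1", 0))  # port reserved, nothing listening
        return (
            classify_tcp_port("127.0.0.1", listener.getsockname()[1]),
            classify_tcp_port("127.0.0.1", bound_only.getsockname()[1]),
        )
    finally:
        listener.close()
        bound_only.close()


if __name__ == "__main__":
    print(loopback_demo())  # listening port first, non-listening port second
```
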

  8. #8
    I'm surprised no one went into too much detail about filtered ports.

  9. #9
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    No one really asked about port filtering afaik.

  10. #10
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    I always thought of filtered as what cacosapo calls blocked (when client sends a SYN and receives no response)
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !
