Weird Port scanning results using nmap

user994535 asked:

I was scanning one of my friends servers using nmap and got these port details.

22/tcp    open     ssh
42/tcp    filtered nameserver
80/tcp    open     http
111/tcp   open     rpcbind
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
161/tcp   filtered snmp
179/tcp   filtered bgp
443/tcp   open     https
1028/tcp  filtered unknown
1080/tcp  filtered socks 
3128/tcp  filtered squid-http
6666/tcp  filtered irc
6667/tcp  filtered irc
6668/tcp  filtered irc
7402/tcp  open     unknown
10082/tcp open     amandaidx

And when I logged into the machine using SSh and scanned it again using nmap, I got the following result

22/tcp    open  ssh
25/tcp    open  smtp
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
631/tcp   open  ipp
7402/tcp  open  rtps-dd-mt
10082/tcp open  amandaidx

Why question is why is it showing IRC ports and Squid Ports on the first scan? We don’t have anything installed in it. Its a dedicated box and not running on VM. Is there any possibility that it might have been compromised? It doesn’t have any IPtables on it too.

My answer:

These ports are most likely being filtered by your friend’s Internet Service Provider.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.