Where were you running nmap from? Inside or outside the firewall? If
inside the firewall, like on the same machine, nmap's requests don't
go through the firewall, hence no blocking.
The other possibility is that your machine has been compromised and
nmap is telling you reality and netstat has been replaced with a
version that hides certain ports.
Jeffrey
Quoting Tazio Ceri
Hi Susers, just to check the security of my machine I ran "nmap -vv -sU mymachineip" from another box on the internet.
nmap returns that udp ports 137, 138, 272, 464, 635, 929, 1110, 1464 and 2002 are open. I ran netstat on my machine and noted that only 137 and 138 are really open, not the others. Furthermore, 137 and 138 are firewalled with ipchains (-j DENY option).
Can anybody explain to me why nmap makes these mistakes, if they really are mistakes? Why does it see 137 and 138 as open while they are firewalled?
Thanks in advance
Tazio
-- I don't do Windows and I don't come to work before nine. -- Johnny Paycheck