Question Blocking ports in Firewall but nmap says otherwise

mangaman · Oct 5, 2019

I'm blocking ports in Windows Firewall, but when I run a loopback scan in Nmap, it says that the ports are open.

I go into windows firewall and create a new rule in the "inbound" section. I set it to "block the connection", then specify the port and protocol. I save it for public, private and domain, as well as giving the rule an easy to remember name and saving it. I do this for both TCP and UTP connections. Yet, nmap still detects the ports as open.

The nmap command that I am running is "nmap -T4 -A -v 127.0.0.1".

What is going on?

Ralston18 · Oct 7, 2019

127.0.0.1 is the loopback address.

Reference:

https://www.lifewire.com/network-computer-special-ip-address-818385

More discussion here:

https://superuser.com/questions/261402/corporate-firewall-blocking-localhost-127-0-0-1

mangaman · Oct 7, 2019

Ralston18 said:
127.0.0.1 is the loopback address.

Reference:

https://www.lifewire.com/network-computer-special-ip-address-818385

More discussion here:

https://superuser.com/questions/261402/corporate-firewall-blocking-localhost-127-0-0-1

Thanks for the information. I also ran the same command but with my private ip "nmap -T4 -A -v 192.168.1.2" but nmap also said that some ports are open.

Any idea why that is?

Ralston18 · Oct 8, 2019

Late question: Are you establishing both inbound and outbound rules?

Which ports, by number, remain open?

There are a number of websites that cross reference port numbers by service.

E.g.:

https://www.lifewire.com/popular-tcp-and-udp-port-numbers-817985

https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

Identifying what may be using those ports could be helpful.

mangaman · Oct 8, 2019

Yes, I am establishing both an inbound and outbound rule.

Port number I am blocking is 1025, but it shows up in CMD netstat and NMap. I looked up the PID number in netstat and traced it to my services in task manager, under the service tab. However, no service is running under that PID.

Ralston18 · Oct 15, 2019

What PID number?

Network Blackjack perhaps.... ?

Reference:

https://www.iana.org/assignments/se...es-port-numbers.xhtml?search=1&skey=12&page=6

Also try downloading Process Explorer via Microsoft's website.

mangaman · Oct 27, 2019

Sorry for the ultra late reply.

The PID is 2724, which traces back to VMware Authorization service. So I'll leave that alone.

But what about the ports being open? Any way to set them as filtered?

Search

Question Blocking ports in Firewall but nmap says otherwise

mangaman

Honorable

Ralston18

Titan

mangaman

Honorable

Ralston18

Titan

mangaman

Honorable

Ralston18

Titan

mangaman

Honorable

TRENDING THREADS

Latest posts

Moderators online

Share this page