Is it possible for port scanners to report a port as closed when it is actually open?
2 answers
Removed from comment
One option for hiding ports from scanning utilities and unauthorized connections is the port knocking mechanism. Its essence is that the port of the protected service is initially closed by a firewall; the port knocking daemon waits for packets to certain ports in a given sequence and then opens the service port for access from outside.
Setup guides:
The advantages / disadvantages of port knocking are a matter of discussion, but in any case, this mechanism should be considered as part of the security system, and not its only element.
Main inconveniences in use:
A client is required to pre-send a sequence of packets before connecting.
There is no direct support in the Linux kernel (although there are solutions built entirely on iptables). The port knocking daemon is a point of failure: problems in the functioning of the daemon will lead to problems with access to the protected services.
It is recommended to periodically change the sequence of "knocks".
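The mechanism described in this answer, sketched as a per-source state machine (an added example, not code from the answer or from any real knocking daemon). The ports, timings, addresses and the strict rule that a wrong port resets progress are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class KnockGate:
    sequence: tuple         # secret knock ports, in order (constructed values)
    service_port: int       # protected port, closed until the knock completes
    window: float = 10.0    # seconds allowed for the whole sequence (assumed)
    open_for: float = 30.0  # seconds the port stays open afterwards (assumed)
    _progress: dict = field(default_factory=dict)  # src -> (next index, first knock time)
    _allowed: dict = field(default_factory=dict)   # src -> time the opening expires

    def packet(self, ts, src, dport):
        """Handle one inbound connection attempt; return what the sender observes."""
        if dport == self.service_port:
            return "accept" if self._allowed.get(src, 0) > ts else "drop"
        idx, start = self._progress.get(src, (0, ts))
        if idx and ts - start > self.window:
            idx, start = 0, ts                      # too slow: start over
        if dport == self.sequence[idx]:
            idx += 1
            if idx == len(self.sequence):           # full sequence received
                self._allowed[src] = ts + self.open_for
                self._progress.pop(src, None)
            else:
                self._progress[src] = (idx, start)
        elif dport == self.sequence[0]:
            self._progress[src] = (1, ts)           # wrong port, but a fresh first knock
        else:
            self._progress.pop(src, None)           # wrong port: reset this source
        return "drop"                               # knock ports themselves never answer

def replay(events, gate):
    """Feed (timestamp, source, destination port) tuples through the gate."""
    return [gate.packet(*e) for e in events]

# Constructed sample traffic; addresses are from documentation ranges.
SCANNER, CLIENT, SLOW = "203.0.113.5", "198.51.100.7", "192.0.2.9"
EVENTS = [
    (0.0, SCANNER, 22), (0.1, SCANNER, 7000), (0.2, SCANNER, 7001),
    (0.3, SCANNER, 8000), (0.4, SCANNER, 9000), (0.5, SCANNER, 22),  # sweep: stays closed
    (1.0, CLIENT, 7000), (1.5, CLIENT, 8000), (2.0, CLIENT, 9000),
    (2.5, CLIENT, 22),    # correct knock: open for this source only
    (2.6, SCANNER, 22),   # other sources still see it closed
    (40.0, CLIENT, 22),   # opening has expired
    (50.0, SLOW, 7000), (55.0, SLOW, 8000), (70.0, SLOW, 9000), (71.0, SLOW, 22),
]

if __name__ == "__main__":
    gate = KnockGate(sequence=(7000, 8000, 9000), service_port=22)
    for event, verdict in zip(EVENTS, replay(EVENTS, gate)):
        print(event, verdict)
```

To every source that has not completed the sequence, the service port behaves exactly like any other filtered port.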
It is possible. Nmap, for example, uses different scanning techniques (via zombie, xtree); besides, the services themselves may differ in behavior or wait for special packets, so nmap may make false-positive errors. Much depends on the depth of nmap analysis. See also article
But, I suppose, it is rather random behavior. You can make it more likely by choosing a nonstandard port.
one time sequence concealment will be even stronger. - LXA