Question:
Nmap scan: all ports are filtered by firewall... next steps? How to get around firewall?
James
2012-11-08 18:43:11 UTC
More specifically, the firewall is dropping all my ACK packets on TCP + SYN scans. It is just another computer (that I own) on my LAN. I got firewall software on that computer and the pre-installed one on my router. Not sure which one is blocking me (would be nice to figure that out too) and would just like to know what are the next steps to find an open port or to get around the firewall without physically touching either the router or the computer I am attacking? Do I research the specific firewalls and their vulnerabilities or what?
Five answers:
2012-11-08 21:34:51 UTC
James, I think you're full of it buddy. It seems that your firewall is dropping the packets rather than returning a response, even if the response is just saying "sorry port closed...". Just because you aren't getting a response does not mean there aren't any open ports, it just means the firewall is well configured and doing its job by "cloaking" both open and closed ports.... You have run into an entirely common and mundane issue in the world of penetration testing. Do a little more research.



What operating system and firewall are you targeting with these scans? What you need to do: figure out what ports are actually open behind the cloak of the firewall. (to do this you are going to have to find vulnerabilities of the firewall itself or more commonly just trick the firewall, there are a number of ways to do this)...then, find vulnerable services running on those open ports and attempt to exploit them. etc. Otherwise you would have to look for bugs in the firmware or get even more complicated and technical. What do I mean by that (I know it sounds vague and bullish, right?).... Well, here are some "buzz words" for you: packet fragmentation and/or masquerading, header manipulation, source address spoofing, ICMP probing (these are just a few relatively common subversion techniques) and even ARP cache poisoning depending on what you're trying to do.. These are all "tricks of the trade" in such an endeavour.



I have been on Yahoo Answers for a few months and have answered over 100 questions... This is the first legit security question that got me a little (just a little) excited. 99/100 questions are basically "hurr do I haz viruz?" ....Also, you should post this question on the beginners section of the BackTrack Linux forums or some place like that.



Also, Nmap is great, I love it but it's not the only option you have. There are other such network and/or port scanners and other types of vulnerability scanners as well. I cannot stress enough how much I love and depend on Nessus. In my mind the conversation between Nessus and the target PC is something like "Nessus: Hey buddy, how are you? Are you vulnerable in any way?...Target: Hey Nessus, hold on let me check... *checking*....Why yes Nessus, I am vulnerable.. here is a list of all my vulns.... Nessus: thanks!" Basically it queries (or questions) the target in such a way so as to induce a self divulging of potential exploits. It's amazing.
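
Added example (not part of the original answers): the answer above separates ports that return a response from ports whose probes are dropped without any reply. The Python below parses Nmap's grepable (`-oG`) output from a scan of your own hosts and tallies port states per host to make that distinction visible; the sample scan lines, addresses and verdict wording are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in nmap's grepable (-oG) layout; hosts and ports are made up.
SAMPLE = "\n".join([
    "# Nmap scan (constructed sample)",
    "Host: 192.168.1.20 ()\tStatus: Up",
    "Host: 192.168.1.20 ()\tPorts: 22/filtered/tcp//ssh///, 80/filtered/tcp//http///",
    "Host: 192.168.1.1 ()\tPorts: 53/open/tcp//domain///, 23/closed/tcp//telnet///"
    "\tIgnored State: filtered (998)",
])

IGNORED = re.compile(r"Ignored State: (\S+) \((\d+)\)")

def parse_grepable(text):
    """Return {host: Counter(state -> number of ports)} from -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # comment or blank line
        fields = line.split("\t")
        counts = hosts.setdefault(fields[0].split()[1], Counter())
        for field in fields[1:]:
            if field.startswith("Ports: "):
                # Each entry is port/state/protocol/owner/service/rpc/version/
                for entry in field[len("Ports: "):].split(", "):
                    parts = entry.strip().split("/")
                    if len(parts) >= 3 and parts[0].isdigit():
                        counts[parts[1]] += 1
            else:
                m = IGNORED.match(field)
                if m:  # ports nmap collapsed into a single summary
                    counts[m.group(1)] += int(m.group(2))
    return hosts

def verdict(counts):
    """Interpret the state mix: a dropped probe says nothing about the port."""
    total = sum(counts.values())
    if total == 0:
        return "no port data"
    if counts["filtered"] == total:
        return "all filtered: probes dropped silently, open/closed unknown"
    if counts["filtered"]:
        return "mixed: filter drops some probes, others answered"
    return "unfiltered: every probe got an answer"

if __name__ == "__main__":
    for host, counts in parse_grepable(SAMPLE).items():
        print(host, dict(counts), "->", verdict(counts))
```
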
2016-05-18 11:25:27 UTC
The first IP is still online, while the second is off. More than likely it was somebody port scanning your IP. What port scanning does is it searches your IP for open ports, which can lead to vulnerabilities. After doing a port scan on their IP (funny how that works ain't it?) I learned that you were scanned by a Windows powered server (not home computer.) I think that you're safe and that it might have been accidental, especially seeing as UDP ports usually aren't where vulnerabilities are. Hope this helped =) Edit: They also have Symtantec (or however you spell that) firewall installed on their system. If this happens again and again with the same IPs then I would suggest going to your ISP, and from there you could switch your IP.
?
2016-12-28 14:54:03 UTC
Nmap Scan All Ports
?
2016-11-04 12:33:57 UTC
Nmap Filtered
Nate
2012-11-08 23:35:19 UTC
Hey guys sorry to use your question for this, but since the question was answered fully I had no reason to answer it also but @ Ann Sers can you do me a favor and email me. I need to talk to you about something! Related to what you do. Thanks


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.