Hi All,

Sorry, got pulled away on other projects. No, still trying to figure out
what's going on. This is traffic originating from FIOS's network.

I have a host located in a .edu that is configured to send back icmp
host prohibited replies for connections that aren't specifically allowed
in the host based firewall.

The .edu border routers filter very little (standard MS ports
135,137,139,445 udp/tcp).

I can ssh from my verizon fios router (a linux box) to my .edu host
(also a linux box).

If I run nmap -sT -Pn <.edu host> I'll get back different results of
what ports are filtered. I assume that this is a result of what nmap
decides to cache when it receives the ICMP messages.

Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:53 EDT
Nmap scan report for some.host.edu (
Host is up (0.028s latency).
Not shown: 999 closed ports
23/tcp filtered telnet

Nmap done: 1 IP address (1 host up) scanned in 3.78 seconds
[hhoffman@firefly ~]$ nmap -Pn -sT some.host.edu

Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:53 EDT
Nmap scan report for some.host.edu (
Host is up (0.034s latency).
Not shown: 998 closed ports
21/tcp  filtered ftp
199/tcp filtered smux

Nmap done: 1 IP address (1 host up) scanned in 20.43 seconds
[harryh@firefly ~]$ nmap -Pn -sT some.host.edu

Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:56 EDT
Nmap scan report for some.host.edu (
Host is up (0.078s latency).
Not shown: 996 closed ports
21/tcp   filtered ftp
111/tcp  filtered rpcbind
256/tcp  filtered fw1-secureremote
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 2.52 seconds
[hhoffman@firefly ~]$ nmap -Pn -sT some.host.edu

Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:56 EDT
Nmap scan report for some.host.edu (
Host is up (0.030s latency).
All 1000 scanned ports on some.host.edu ( are closed

For a short period of time after the scans commence I'm not able to
connect from my FIOS host to my .edu host on tcp/22, a port that is
specifically allowed in the .edu host's firewall rules.

There is no software on either end that would perform any tarpit-like


On 03/18/2013 08:50 AM, joseph.sny...@gmail.com wrote:
> Did you ever resolve this?
> Harry Hoffman <hhoff...@ip-solutions.net> wrote:
>> Hi All,
>> Does anyone know if Verizon automatically performs network filtering in
>> response to scanning behavior?
>> I'm having some weird connectivity issues to a host and trying to
>> figure
>> out why.
>> Cheers,
>> Harry

Reply via email to