Are you sure the edu isn't triggering any sort of filtering on host that do scanning?
Harry Hoffman <hhoff...@ip-solutions.net> wrote: >Hi All, > >Sorry, got pulled away on other projects. No, still trying to figure >out >what's going on. This is traffic originating from FIOS's network. > >I have a host located in a .edu that is configured to send back icmp >host prohibited replies for connections that aren't specifically >allowed >in the host based firewall. > >The .edu border routers filter very little (standard MS ports >135,137,139,445 udp/tcp). > >I can ssh from my verizon fios router (a linux box) to my .edu host >(also a linux box). > >If I run nmap -sT -Pn <.edu host> I'll get back different results of >what ports are filtered. I assume that this is a result of what nmap >decides to cache when it receives the ICMP messages. > >Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:53 EDT >Nmap scan report for some.host.edu (123.45.67.89) >Host is up (0.028s latency). >Not shown: 999 closed ports >PORT STATE SERVICE >23/tcp filtered telnet > >Nmap done: 1 IP address (1 host up) scanned in 3.78 seconds >[hhoffman@firefly ~]$ nmap -Pn -sT some.host.edu > >Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:53 EDT >Nmap scan report for some.host.edu (123.45.67.89) >Host is up (0.034s latency). >Not shown: 998 closed ports >PORT STATE SERVICE >21/tcp filtered ftp >199/tcp filtered smux > >Nmap done: 1 IP address (1 host up) scanned in 20.43 seconds >[harryh@firefly ~]$ nmap -Pn -sT some.host.edu > >Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:56 EDT >Nmap scan report for some.host.edu (123.45.67.89) >Host is up (0.078s latency). >Not shown: 996 closed ports >PORT STATE SERVICE >21/tcp filtered ftp >111/tcp filtered rpcbind >256/tcp filtered fw1-secureremote >3389/tcp filtered ms-wbt-server > >Nmap done: 1 IP address (1 host up) scanned in 2.52 seconds >[hhoffman@firefly ~]$ nmap -Pn -sT some.host.edu > >Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:56 EDT >Nmap scan report for some.host.edu (123.45.67.89) >Host is up (0.030s latency). >All 1000 scanned ports on some.host.edu (123.45.67.89) are closed > >For a short period of time after the scans commence I'm not able to >connect from my FIOS host to my .edu host on tcp/22, a port that is >specifically allowed in the .edu host's firewall rules. > >There is no software on either end that would perform any tarpit-like >functionality. > >Cheers, >Harry > > > >On 03/18/2013 08:50 AM, joseph.sny...@gmail.com wrote: >> Did you ever resolve this? >> >> Harry Hoffman <hhoff...@ip-solutions.net> wrote: >> >>> Hi All, >>> >>> Does anyone know if Verizon automatically performs network filtering >in >>> response to scanning behavior? >>> >>> I'm having some weird connectivity issues to a host and trying to >>> figure >>> out why. >>> >>> Cheers, >>> Harry >> -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.