nmap - How to get around Firewall on Windows 10? All ports filtered.


Hey all,

I've been learning nmap for the last week, scanning my own network for practice.

I've managed to find open ports on other devices; however, when I scan my Windows 10 machine, all ports are always filtered.

I've tried:

  • fragmenting the packets with -f
  • spoofing my MAC to that of my internet Hub
  • slowing down the scan with -T2 and --scan-delay
  • turning off PING with -Pn

But nmap always returns that all 1000 ports are filtered.

The machine has Windows firewall turned on, but no other firewall software running.

Any ideas?



Should there be any open ports?

Sounds like the firewall is doing its job.

It is indeed, which is great! However, I was hoping there was a way to circumnavigate it.

My phone, as an example, showed all ports as filtered until I fragmented the packages and slowed down the scan, then it picked up open ports.

Is there no way for me to trick the firewall and see open ports, or stop it from running altogether?

Or, if not, how would one go about fingerprinting the OS instead of nmap?


p0f does passive fingerprinting, so the Windows 10 machine would need to generate the traffic.

Also, you might want to try some of the other scan types such as Xmas tree and FIN. You could also try the nmap man page, and go through each scan type to see if anything gives a better result.

Bear in mind that sometimes firewalls are completely closed off and another avenue is required.


I would assume the firewall has banned your IP...

Try changing your local IP and perform a less aggressive port scan... it should look like normal activity...

IP change in Linux:

ifconfig wlan0 inet

dhclient wlan0

IP change on winblows:

ipconfig /release

ipconfig /renew

Now the nmap scan

nmap -O -p 135,139,445 (target ip)

Edited by i8igmac

nmap -O -p 135,139,445 (target ip)

This kind of worked; it gave me a bit more info, but unfortunately Windows 10 was picked up as an unknown operating system, and it still stated 135, 139 and 445 were filtered.

p0f was a bit better, it advised the fact that it was a Windows machine, but failed to specify version 10.

I'll see what the results look like with Windows firewall turned off, and if the ports suddenly open up, I'll experiment with 'piggy-backing' some code to turn it off, maybe have a play with the SET and Metasploit.

Cheers guys.

