aryakangler, posted October 6, 2016 (edited October 6, 2016):

Can anyone explain why there would be such a difference when both iPhones are running iOS10? One is a 6, other 6s, but each running 10.0.2.

iPhone 6

668/tcp filtered mecomm
1045/tcp filtered fpitp
1087/tcp filtered cplscrambler-in
1687/tcp filtered nsjtp-ctrl
1900/tcp filtered upnp
3261/tcp filtered winshadow
3998/tcp filtered dnx
4550/tcp filtered gds-adppiw-db
5221/tcp filtered 3exmp
5633/tcp filtered beorl
8292/tcp filtered blp3
9999/tcp filtered abyss
10566/tcp filtered unknown
18101/tcp filtered unknown
19101/tcp filtered unknown
62078/tcp open tcpwrapped
64623/tcp filtered unknown

iPhone 6s

62078/tcp open tcpwrapped

Rainman_34, posted October 6, 2016:

Do they both have the same apps running on them?

pentestgeek, posted October 6, 2016:

There is no difference. 1 port is open on both devices.

digip, posted October 6, 2016 (edited October 6, 2016):

Filtered is more than likely closed ports. Try using your nmap command with "--open" for only open ports.

aryakangler (author), posted October 7, 2016:

They do not have the same apps. Thank you for the replies. I don't know much about nmap, but have run numerous scans and this was the first time I've run into an iPhone with all these "filtered" ports. A little googling of the ports didn't provide me with any reliable information, so I was a bit alarmed.

0phoi5, posted October 7, 2016:

What nmap command did you use? (full line of code)

aryakangler (author), posted October 7, 2016:

nmap -T4 -A -v

0phoi5, posted October 10, 2016:

Have you scanned with -sS, -sU, -sA and -sT? Try -P0 (zero) to stop PINGing the phone first. Also, try slowing your scan (use T0, T1 or T2 instead of 4). You can also try using --max-rate and --data-length.

A combination of some or all of the above may yield more port results, it may not. Give it a try :) Note that the scans will likely take much longer.

pentestgeek, posted October 10, 2016:

I'm sorry to be blunt here but you are chasing ghosts. There is nothing there. You have two iPhones, both with the same port open "62078". That's it. One of your iPhones has some additional firewall or IDS system which is blocking Nmap from probing some of the ports in its default range so therefore the result is "filtered".

Read this for additional understanding: https://nmap.org/book/man.html

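Added example, not part of any post in this thread: a short Python script that parses the two port tables from the first post and compares them by state, so the open set and the filtered rows can be read separately. The function names and the "not shown" label are this example's own.

```python
import re
# A port-table row in nmap's normal output: "62078/tcp open tcpwrapped".
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)(?:\s+(\S+))?$")
# Rows copied from the first post in this thread.
IPHONE_6 = """
668/tcp filtered mecomm
1045/tcp filtered fpitp
1087/tcp filtered cplscrambler-in
1687/tcp filtered nsjtp-ctrl
1900/tcp filtered upnp
3261/tcp filtered winshadow
3998/tcp filtered dnx
4550/tcp filtered gds-adppiw-db
5221/tcp filtered 3exmp
5633/tcp filtered beorl
8292/tcp filtered blp3
9999/tcp filtered abyss
10566/tcp filtered unknown
18101/tcp filtered unknown
19101/tcp filtered unknown
62078/tcp open tcpwrapped
64623/tcp filtered unknown
"""
IPHONE_6S = "62078/tcp open tcpwrapped"

def parse_ports(text):
    """Map (port, proto) -> state for each port-table row in text."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ports[(int(m.group(1)), m.group(2))] = m.group(3)
    return ports

def with_state(ports, state):
    """Set of (port, proto) entries reported in the given state."""
    return {key for key, s in ports.items() if s == state}

def state_diff(a, b):
    """Entries whose state differs; a row absent from a table is 'not shown'."""
    keys = sorted(set(a) | set(b))
    pairs = {k: (a.get(k, "not shown"), b.get(k, "not shown")) for k in keys}
    return {k: v for k, v in pairs.items() if v[0] != v[1]}

if __name__ == "__main__":
    six, six_s = parse_ports(IPHONE_6), parse_ports(IPHONE_6S)
    print("open on both:", with_state(six, "open") & with_state(six_s, "open"))
    for (port, proto), (s6, s6s) in state_diff(six, six_s).items():
        print(f"{port}/{proto}: iPhone 6 {s6}, iPhone 6s {s6s}")
```
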
0phoi5, posted October 11, 2016:

16 hours ago, pentestgeek said:
> One of your iPhones has some additional firewall or IDS system which is blocking Nmap from probing some of the ports in its default range so therefore the result is "filtered".

Granted, however a scan simply using 'nmap -T4 -A -v' would not necessarily yield all available open ports. Using the options in my post above, I'll oftentimes come across ports that were previously filtered suddenly show as open, simply because they get locked-down during an obvious scan. Which -T4 with no other filters would be.

aryakangler (author), posted October 11, 2016:

Thanks for the info. I will try more scans with the filters mentioned and compare results.

For the record, this is not a pentest. I am a serial tinkerer. Anytime I am with friends/family and I know everyone has a device connected to the local network I am running various scans out of curiosity. Again, it sparked an interest when this iPhone responded to the scan in this way. While the phones have different apps, I cannot think of either that would have extra "firewall or IDS" installed. Different settings in the settings menu, I'm sure, but other than that, the apps are nothing special.

My main concern is nefarious activity. To that degree, none of these filtered ports could be related to any type of backdoor or malware on the device, right?