What are filtered ports and can I close the following ports?

I ran a port scan and got the following

PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
25/tcp   filtered smtp
80/tcp   open     http
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
554/tcp  open     rtsp
7070/tcp open     realserver

Open in new window


My questions are
1. What does filtered mean? If I'm running a mail server should I open smtp?
2. What are the following ports? I want to close them
-msrpc
-netbios-ssn
-microsoft-ds
-rtsp
-realserver
burnedfacelessAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bbaoIT ConsultantCommented:
-msrpc - Microsoft Remote Procedure Call
-netbios-ssn - NetBIOS over TCP/IP session
-microsoft-ds - Microsoft Directory Services
-rtsp - Real Time Streaming Protocol streaming services
-realserver - RealPlayer server
btanExec ConsultantCommented:
I believed you are using nmap.

filtered - scanner cannot determine if the port is open as there is packet filtering which may be from host or network firewall or router ACL. typically those port need to be guarded more stringently as they are commonly being exploited. but for SMTP case, it is filtered for outgoing primarily to try and stop spam going out through your enterprise networks. Think of when a computer in your network gets infected by a virus, it can be hijacked by the virus writers to send out thousands, if not millions of spam emails. Doubt you want that to happened so better to maintain as filtered.

-msrpc, netbios-ssn' and microsoft-ds - Ports 137, 138 and 139 are for NetBIOS, and are not required for the functionality of MSRPC (remote procedure calls). Actually these are legacy, you can acquire name resolution through other means (DNS,) and assuming the remote service itself is not dependent on NetBIOS.

-rtsp, and realserver - Ports 554 and 7070 are for Realplayers RealServers. Close it if not using and is not necessary. An extension of the threat is port 554 allows attempts to enumerate RTSP media URLS by testing for common paths on devices such as surveillance IP cameras. Thereafter the identified target device will then be further recon for weakness etc

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Shaun VermaakTechnical SpecialistCommented:
Best to do those as services instead of trying to identify the ports
https://www.experts-exchange.com/articles/31687/Windows-Firewall-as-Code.html
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.