Can a host have zero open port? Is it possible?

[0E 800]

Please read this first: https://en.wikipedia.org/wiki/OSI_model

So, as you can see from the OSI model. MAC filtering takes place at layer 2, IP filtering takes place at layer 3, and ports operate at layer 4. Therefor, it is entirely possible for a router to not have any open ports, and still be able to route, filter macs, and other basic network-relevant malarkey.

So when you throw in a scenario where an admin logs into a device that appears to not have any open ports, that's exactly a farse. In those cases, access is allowed or disallowed via filtered ports - ports that are neither open, nor closed, they are filtered by a firewall. That's not entirely accurate either though, because a port doesn't actually listen in a "filtered" state, but rather the firewall filters datagrams depending on rulesets and sends a reject message if the datagram isn't allowed.

So if you run a scan, and it says "all X ports are closed" what it actually means is that the host 1) doesn't have daemons/services listening on the port range you specified 2) is either logically or physically inaccessible from you or 3) is up, but because you were able to resolve an address with ARP it is actually up and legitimately doesn't have any listening daemons/services listening on the network you share with it which is where the suggestions proxx gave you would came into play (vlans, ACLs, IP filtering, so on and so forth).

Thank you sir. Excellent answer.

[Tugboat]

Can you explain it more? What is you mean about not on a same network?

Please go play in a busy street

[hack3rcon]

It can have different interfaces, for example in Linux you have eth0, eth1, wlan0, usb0, ... net interfaces. The machine can "bind" specific IP addresses, e.g.: You have a wireless network router that gives your machine the IP "192.168.0.2" and you have a wired connection with the IP "173.73.77.34".
Then when you want to run a service such as FTP, you can tell it to just bind it to "192.168.0.2" which is your wlan0 (wireless network interfaces). After that your machcine won't open the port on 173.73.77.34 it will open it on 192.168.0.2. Totally seperated.
*When you open a port and bind it to 0.0.0.0, it's applied to all net interfaces.

Thank you.
Is it kind of Routing?

[hcac]

Is it kind of routing? not really. It's a simple thing programs can do when opening a port or connecting to a port.

Edit:
Do you have netcat?

Code: [Select]

nc -l 192.168.0.2 -p 80
This would open the port 80 only on 192.168.0.2 and nothing else.

And on Unix this

Code: [Select]

nc -l -p 80
would open port 80 on all interfaces (any).