port 25 different response on TCP-SYN and Connect scan, why?

[Gunpowderboy]

I did both a TCP connect scan and a TCP SYN scan of my computer using the portscanner at http://www.pcflank.com/scanner1.htm and port 25 showed up as closed on TCP connect scan and stealthed on TCP SYN scan, why is that?

Does it have to do with SMTP? Does SMTP not use SYN segments? I though SMTP used TCP connections (and hence you could get SYN,ACK from the server).

Anyone who would be willing to clear this up please feel free to do so.

 

[Gunpowderboy]

I might have come up with the answer, does this sound reasonable??

My ISP does not allow SMTP servers on the network if they are not their own, hence port 25 is blocked for IPs that they give out to users.

So here is the question... What answer does the TCP SYN scan client get from the server (my computer) if the port is closed? I guess a SYN,RST. If so what would the answer be if the port was stealthed? ACK,RST ?

Hmm maybe I'm just messing things up in my head...

 

[SJConsultant]

Originally posted by Gunpowderboy
I might have come up with the answer, does this sound reasonable??

My ISP does not allow SMTP servers on the network if they are not their own, hence port 25 is blocked for IPs that they give out to users.

So here is the question... What answer does the TCP SYN scan client get from the server (my computer) if the port is closed? I guess a SYN,RST. If so what would the answer be if the port was stealthed? ACK,RST ?

Hmm maybe I'm just messing things up in my head...

If the ISP is blocking port 25, then PCflank is not receiving any response from your computer, they are receiving a response from the ISP router or firewall doing the blocking. Depending on your ISP setup, some firewalls just drop SYN scans into a bitbucket with no response ,whereas a full TCP connect would be responded as being closed.