Friday, May 17, 2019

Mobile internet: are TCP ACKs being sent by network provider?

I'm new to this sub so first of all I'd like to apologise in advance if this is not the correct place for this type of question or if it has been asked before (I couldn't see any questions like this however).

I have an interesting issue. I noticed while working on a Python script that I could establish a connection to the MongoDB TCP port 27017 on servers that do not have MongoDB running, but no data was sent from the server over the connection once established. I then noticed that I could connect to any port on any server! For example, www.google.com:12345 connects just fine using nc. Furthermore, nmap -p12340-12350 www.google.com. shows every port in the range as open. I know this is not the case; trying to connect from another server to any of these servers fails as expected.

I currently have to use a mobile phone for my Internet connection, so I am wondering if this is something that mobile service providers are known to do?

I ran Wireshark while connecting to www.google.com:12345 and the expected TCP SYN/ACK handshake was observed from my client to Google's server at 172.217.20.4, so from that perspective it looks as though this server was indeed responding to my TCP SYN for port 12345. Is it possible that the mobile service provider is pre-emptively sending the rest of the handshake, perhaps to give the illusion of faster connections? The SYN/ACK response was extremely quick, a single millisecond, which makes me think that it didn't come from Google's own server.

For reference I am in Croatia using Bonbon as the service provider and I am running Ubuntu Linux 19.04 (tethered).
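The timing argument in the post can be checked with a short script; this is an added example, not part of the original post. It compares TCP connect times on ports that should be closed with the time the real server takes to return a first byte on port 80. The function names, the 0.25 ratio and the 40 ms sample value are assumptions made for illustration.

```python
import socket
import time

def connect_ms(host, port, timeout=3.0):
    """Time a TCP connect(); None means refused, filtered or timed out."""
    start = time.perf_counter()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return (time.perf_counter() - start) * 1000.0
    except OSError:
        return None

def first_byte_ms(host, timeout=5.0):
    """Time from sending an HTTP request on port 80 to the first reply byte.
    Only the real server can answer, so this approximates the end-to-end RTT."""
    with socket.create_connection((host, 80), timeout=timeout) as s:
        request = f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
        start = time.perf_counter()
        s.sendall(request)
        if not s.recv(1):
            raise ConnectionError("connection closed without a reply")
        return (time.perf_counter() - start) * 1000.0

def assess(end_to_end_ms, probes, ratio=0.25):
    """probes maps port -> connect time in ms (or None) for ports that
    should be closed. ratio is an assumed threshold, not a standard value."""
    opened = {p: ms for p, ms in probes.items() if ms is not None}
    if not opened:
        return "no-evidence"
    too_fast = [p for p, ms in opened.items() if ms < ratio * end_to_end_ms]
    if len(opened) == len(probes) and len(too_fast) == len(opened):
        return "handshake-terminated-on-path"
    return "unexpected-open-ports"

# Constructed sample matching the post: every port "opens" in about 1 ms,
# while a real reply from the server is assumed to take about 40 ms.
SAMPLE = {12345: 1.0, 12346: 1.2, 12347: 0.9}

if __name__ == "__main__":
    print(assess(40.0, SAMPLE))
    host = "www.google.com"
    live = {p: connect_ms(host, p) for p in range(12340, 12351)}
    print(assess(first_byte_ms(host), live))
```

A result of `handshake-terminated-on-path` means every probed port completed the handshake far faster than the server itself can reply, which points to something between the client and the server answering the SYN.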


