Security Basics mailing list archives

Re: ghostly mail ports


From: Brian Bruns <bruns () 2mbit com>
Date: Sat, 11 Jan 2003 01:17:14 -0500

At 04:20 PM 1/10/03 -0000, joe wrote:
> Yeah, I knew what the ports are for, it's just that they don't seem to be
> attached to anything! I was under the impression that an open port had to
> have a process keeping it open? Or is there some mechanism by which a
> program can leave it open for later use?

Basically, for a port to be 'open', a program or service has to open the
port.  When the program/service quits/dies, the port is closed also.   If
the process is frozen/locked, it may still answer the port, but just not
return data or accept data.

> I have (by process of elimination) worked out it's Norton AV 2003, and I'm not
> that worried about it. But if somebody can explain why it's open that would
> be great (some technical details would be lovely ;)

I have to look this up, but, in order to support
non-Outlook/Outlook Express clients (I think it can be manually told to use
the old style setup proxy too), NAV will start up a POP proxy and SMTP
proxy service, which actually opens the ports.  In your mail client, the IP
address of your mail server setting is 127.0.0.1, which tells it to use the
localhost POP proxy/SMTP proxy.  When making an outgoing connection to the
mail server, your mail client talks to the proxy, which then talks on your
client's behalf to the mail server.  Basically, your mail client never
actually speaks directly to the mail server.  This is how it intercepts
viruses.

In the username box, instead of just your username, you have to put in
username@mail.server.com, because the POP3/SMTP server is set to localhost.

So, as long as the POP3/SMTP proxy programs are running via NAV, the ports
are open.  In 2002, it's easy to disable the email checking - it's via the
options under e-mail scanning.


Bri


--------------------------------
Brian Bruns
Founder, The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511

No spam tolerated.  By sending an e-mail to this account, your
server may be subjected to an open relay/open proxy test as part
of our ongoing efforts to reduce spam.
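
Added example, not part of the original post and not Norton's code: a minimal loopback listener in Python that shows the two behaviours described above, the port answering only while a process holds it, and the proxy learning the real mail server from a `USER name@host` login. The function names, the hostname `mail.example.com`, and the choice to split on the last `@` are assumptions made for illustration.

```python
import socket
import threading

def split_proxy_user(line):
    """Split 'USER name@host' into (name, host) the way a local mail proxy could."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "USER":
        raise ValueError("expected a POP3 USER command")
    name, sep, host = arg.rpartition("@")  # assumption: the last '@' marks the real server
    if not (name and sep and host):
        raise ValueError("USER argument must look like name@host")
    return name, host

def port_is_open(port):
    """True if something on 127.0.0.1 completes a TCP handshake on this port."""
    with socket.socket() as s:
        s.settimeout(2)
        return s.connect_ex(("127.0.0.1", port)) == 0

def run_demo():
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port for the demo
    listener.listen(5)
    port = listener.getsockname()[1]
    seen = {}

    def serve_one():  # the "proxy": greet, read USER, learn the upstream server
        conn, _ = listener.accept()
        with conn, conn.makefile("rb") as rf:
            conn.sendall(b"+OK local proxy ready\r\n")
            seen["upstream"] = split_proxy_user(rf.readline().decode("ascii"))
            conn.sendall(b"+OK\r\n")

    worker = threading.Thread(target=serve_one)
    worker.start()
    with socket.create_connection(("127.0.0.1", port), timeout=2) as client:
        client.recv(128)  # greeting
        client.sendall(b"USER joe@mail.example.com\r\n")  # constructed credentials
        client.recv(128)
    worker.join()

    # Nobody calls accept() any more, yet the kernel still completes handshakes.
    held = port_is_open(port)
    listener.close()  # the owning process lets go of the port
    released = port_is_open(port)
    return seen["upstream"], held, released

if __name__ == "__main__":
    print(run_demo())
```

The `held` check succeeds even though no thread is accepting any longer, which is the "frozen process still answers the port" case; once the listener is closed the same connect is refused.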

