Security Basics mailing list archives
Re: ghostly mail ports
From: Brian Bruns <bruns () 2mbit com>
Date: Sat, 11 Jan 2003 01:17:14 -0500
At 04:20 PM 1/10/03 -0000, joe wrote:
Yeah, I knew what the ports are for, its just that they don't seem to be attached to anything! I was under the impression that an open port had to have a process keeping it open? Or is there some mechanism by which a program can leave it open for later use?
Basically, for a port to be 'open', a program or service has to open the port. When the program/service quits/dies, the port is closed also. If the process is frozen/locked, it may still answer the port, but just not return data or accept data.
I have (by process of elimination) worked out its Norton AV 2003, and im not that worried about it. But if somebody can explain why its open that would be great (some technical details would be lovely ;)
I have to look this up, but, in order to support non-outlook/outlook-express clients (I think it can be manually told to use the old style setup proxy too), NAV will start up a pop proxy and smtp proxy service, which actually opens the ports. In your mail client, the IP address of your mail server setting is 127.0.0.1, which tells it to use the localhost pop proxy/smtp proxy. When making an outgoing connection to the mail server, your mail client talks to the proxy, which then talks on your client's behalf to the mail server. Basically, your mail client never actually speaks directly to the mail server. This is how it intercepts viruses. In the username box, instead of just your username, you have to put in username () mail server com, because the POP3/SMTP server is set to localhost. So, as long as the POP3/SMTP proxy programs are running via NAV, the ports are open. In 2002, its easy to disable the email checking - its via the options under e-mail scanning. Bri -------------------------------- Brian Bruns Founder, The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.2mbit.com ICQ: 8077511 No spam tolerated. By sending an e-mail to this account, your server may be subjected to an open relay/open proxy test as part of our ongoing efforts to reduce spam.
Current thread:
- Re: ghostly mail ports, (continued)
- Re: ghostly mail ports KEvin (Jan 10)
- RE: ghostly mail ports David Gillett (Jan 10)
- RE: ghostly mail ports Brian Bruns (Jan 10)
- Re: ghostly mail ports Florian Hobelsberger / BlueScreen (Jan 10)
- Re: ghostly mail ports adam (Jan 11)
- Re: ghostly mail ports John Jasen (Jan 11)
- Re: ghostly mail ports Don Voss (Jan 11)
- Re: ghostly mail ports GSimmonds (Jan 14)
- RE: ghostly mail ports Security Newsletters-TM (Jan 10)
- Re: ghostly mail ports joe (Jan 10)
- Re: ghostly mail ports Brian Bruns (Jan 13)