Security Basics mailing list archives
Re: ghostly mail ports
From: "KEvin" <kevin () hatry com>
Date: Fri, 10 Jan 2003 10:18:55 +0100
Hi i read a similar problem in a newsgroup some days ago, it seems that the person who posted it had a firewall/virus scanner (norton i think) and that the virus scanner was watching incoming (and departing) mail, thus waiting on the ports 25 and 110. Have you tried tcpview from sysinternal ? it's a good utility that could be helpful to determine what application is listening ... KEvin ----- Original Message ----- From: "joe" <joseph.beard () btopenworld com> To: <security-basics () securityfocus com> Sent: Wednesday, January 08, 2003 1:45 AM Subject: ghostly mail ports
Hi, im new to security and this is my first post, so be gentle :) I have a fairly good understanding of the tcp/ip model and i think i understand what ports are for! but i cant understand that on my box, i
have
the 2 default mail ports (25 and 110) open. Its a windows 2000 box,
service
pack three. Im pretty sure im not running a mail server of any
description.
The ports appear in box scanline and superscan eg C:\>sl -bht 1-1000 192.168.0.1 ScanLine (TM) 1.01 Copyright (c) Foundstone, Inc. 2002 http://www.foundstone.com Scan of 1 IP started at Wed Jan 08 00:36:51 2003 --------------------------------------------------------------------------
--
- 192.168.0.1 Responded in 0 ms. 0 hops away Responds with ICMP unreachable: No TCP ports: 25 110 135 139 445 --------------------------------------------------------------------------
--
- Scan finished at Wed Jan 08 00:37:09 2003 1 IP and 1000 ports scanned in 0 hours 0 mins 18.16 secs but in netstat, activeports, fport they dont! does anybody know where they have come from? i googled for ages but dont seem to be getting anywhere. thanks joe
Current thread:
- ghostly mail ports joe (Jan 09)
- Re: ghostly mail ports Brian Bruns (Jan 10)
- Re: ghostly mail ports KEvin (Jan 10)
- RE: ghostly mail ports David Gillett (Jan 10)
- RE: ghostly mail ports Brian Bruns (Jan 10)
- Re: ghostly mail ports Florian Hobelsberger / BlueScreen (Jan 10)
- Re: ghostly mail ports adam (Jan 11)
- Re: ghostly mail ports John Jasen (Jan 11)
- Re: ghostly mail ports Don Voss (Jan 11)
- Re: ghostly mail ports GSimmonds (Jan 14)
- <Possible follow-ups>
- RE: ghostly mail ports Security Newsletters-TM (Jan 10)
- Re: ghostly mail ports joe (Jan 10)
- Re: ghostly mail ports Brian Bruns (Jan 13)