RE: Why do all of my win2sp4 machines have port 110 open?

["Bowes, Ronald (EST)" <RBowes () gov mb ca>]

There's a program called FPort from www.foundstone.com which can tell you
which service or program is using a port:

C:\Documents and Settings\RBowes\Desktop>fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid   Process            Port  Proto Path
1044  svchost        ->  135   TCP   C:\WINDOWS\system32\svchost.exe
4     System         ->  139   TCP
4     System         ->  445   TCP
532   rcHost         ->  798   TCP   C:\Program Files\CA\Unicenter Remote
Control\rcHost.exe
[.....]

Grab that, run it, and see what's listening on TCP 110.



Ron Bowes
Information Protection Centre
Government Of Manitoba

-----Original Message-----
From: waters [mailto:realized () gmail com] 
Sent: Tuesday, October 12, 2004 9:27 PM
To: security-basics () securityfocus com
Subject: Why do all of my win2sp4 machines have port 110 open?

When i telnet to that port on 110, i connect then get disconnected
right away. Norton with updated def files and housecall(trendmicro)
reports nothing, and no trojans were also found via the two.

Is this normal?

i am using a network security scanner and so far 4/34 windows
machines, the only 4 it scanned so far, all have something on port
110.

How can i find out whats going on?

netstat and tcpview (
http://www.sysinternals.com/ntw2k/source/tcpview.shtml ) show nothing
on 110 either.