Re: Why do all of my win2sp4 machines have port 110 open?

["Steve" <securityfocus () delahunty com>]

110 is for POP3, inbound port used

If you allow network clients to connect outbound via your firewall using
POP3 email client and receive email then that would cause this behavior.
Since you note that 4 of 34 machines have this port open it might not be
open for all your machines.  Of course will only probably be open for ones
where users are running POP3 email client.

----- Original Message ----- 
From: "waters" <realized () gmail com>
To: <security-basics () securityfocus com>
Sent: Tuesday, October 12, 2004 10:27 PM
Subject: Why do all of my win2sp4 machines have port 110 open?


When i telnet to that port on 110, i connect then get disconnected
right away. Norton with updated def files and housecall(trendmicro)
reports nothing, and no trojans were also found via the two.

Is this normal?

i am using a network security scanner and so far 4/34 windows
machines, the only 4 it scanned so far, all have something on port
110.

How can i find out whats going on?

netstat and tcpview (
http://www.sysinternals.com/ntw2k/source/tcpview.shtml ) show nothing
on 110 either.