Security Basics mailing list archives
Re: Why do all of my win2sp4 machines have port 110 open?
From: Kirk Schafer <infosec-capital () rainswept com>
Date: Fri, 15 Oct 2004 00:11:43 -0500
In re: my previous message, the SAV/NAV worm interception behavior also applies to port 25. An interesting interaction that supports my previous statement is observable between Norton Antivirus 11 (NAV 2005) and ZoneAlarm Pro. When I use a portscanner to scan another computer, ZoneAlarm pops up and asks if I want to allow a component of NAV to continue, but not my portscanner (in this example, SuperScan 3 or 4 from FoundStone). When I allow this interaction, both ports 25 and 110 show as "open", even though they really aren't open at the destination.
Best,
Kirk

Bowes, Ronald (EST) wrote:

There's a program called FPort from www.foundstone.com which can tell you which service or program is using a port:

C:\Documents and Settings\RBowes\Desktop>fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid   Process      Port  Proto Path
1044  svchost  ->  135   TCP   C:\WINDOWS\system32\svchost.exe
4     System   ->  139   TCP
4     System   ->  445   TCP
532   rcHost   ->  798   TCP   C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
[.....]

Grab that, run it, and see what's listening on TCP 110.

Ron Bowes
Information Protection Centre
Government Of Manitoba

-----Original Message-----
From: waters [mailto:realized () gmail com]
Sent: Tuesday, October 12, 2004 9:27 PM
To: security-basics () securityfocus com
Subject: Why do all of my win2sp4 machines have port 110 open?

When I telnet to that port on 110, I connect then get disconnected right away. Norton with updated def files and housecall (trendmicro) reports nothing, and no trojans were also found via the two.

Is this normal? I am using a network security scanner and so far 4/34 windows machines, the only 4 it scanned so far, all have something on port 110.

How can I find out what's going on? netstat and tcpview ( http://www.sysinternals.com/ntw2k/source/tcpview.shtml ) show nothing on 110 either.
--
___________________________________________________
Kirk Schafer
Infosec Capital - Your Information Security Asset
308 East Broadway Ave, PO Box 1851
Fairfield, IA 52556
641-919-1783 (mobile)
http://www.infosec-capital.com
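An added example, not part of any message in this thread: one way to tell a port that only completes the TCP handshake (the "connect then get disconnected right away" symptom, consistent with a connection answered by a local mail-scanning proxy) from one where a real POP3 service sends its greeting. The names classify_port, start_listener and demo are hypothetical, and the loopback listeners are constructed test fixtures.

```python
import socket
import threading

def classify_port(host, port, expect=b"+OK", timeout=3.0):
    """Return 'closed', 'banner' or 'no-banner' for one TCP port.

    'no-banner' means the handshake completed but the peer never sent the
    greeting the protocol requires (POP3 '+OK', SMTP '220'), which is what a
    connection answered by an intercepting proxy with no real server looks like.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:                      # refused, unreachable or timed out
        return "closed"
    with sock:
        try:
            data = sock.recv(512)
        except OSError:                  # reset or timeout while waiting
            data = b""
    return "banner" if data.startswith(expect) else "no-banner"

def start_listener(greeting):
    """Constructed loopback listener for the demo; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            if greeting:
                conn.sendall(greeting)
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    real = start_listener(b"+OK POP3 server ready\r\n")  # service that greets
    hollow = start_listener(b"")       # accepts then drops, as in the thread
    unused = socket.socket()
    unused.bind(("127.0.0.1", 0))
    dead = unused.getsockname()[1]
    unused.close()                       # nothing listens on this port now
    return {name: classify_port("127.0.0.1", port, timeout=2.0)
            for name, port in (("real", real), ("hollow", hollow), ("dead", dead))}

if __name__ == "__main__":
    print(demo())
```

For port 25, pass expect=b"220"; a run of 'no-banner' results across many hosts from one scanning machine is a cue to repeat the check from a machine without the antivirus mail proxy and to run FPort on a target itself.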