Security Basics mailing list archives
RE: ghostly mail ports
From: Security Newsletters-TM <SecurityNewsletters.tm () telus com>
Date: Fri, 10 Jan 2003 14:57:35 -0500
Hi Joe; It does sound like there IS a mail server. Try doing a 'netstat' on the command line and seeing if the ports are truly bound. Don't forget, many trojan and viruses can deliver such a peice of hidden background software, so scan your system regularly! One port SMTP (25) is for other computers to connect to for sending mail (SMTP). The other one (110) is for other computers to connect to retreive the mail (POP3) This is normal, but then again, nothing on Winblows ever is. -Patrick Best -----Original Message----- From: joe [mailto:joseph.beard () btopenworld com] Sent: January 7, 2003 7:45 PM To: security-basics () securityfocus com Subject: ghostly mail ports Hi, im new to security and this is my first post, so be gentle :) I have a fairly good understanding of the tcp/ip model and i think i understand what ports are for! but i cant understand that on my box, i have the 2 default mail ports (25 and 110) open. Its a windows 2000 box, service pack three. Im pretty sure im not running a mail server of any description. The ports appear in box scanline and superscan eg C:\>sl -bht 1-1000 192.168.0.1 ScanLine (TM) 1.01 Copyright (c) Foundstone, Inc. 2002 http://www.foundstone.com Scan of 1 IP started at Wed Jan 08 00:36:51 2003 ---------------------------------------------------------------------------- - 192.168.0.1 Responded in 0 ms. 0 hops away Responds with ICMP unreachable: No TCP ports: 25 110 135 139 445 ---------------------------------------------------------------------------- - Scan finished at Wed Jan 08 00:37:09 2003 1 IP and 1000 ports scanned in 0 hours 0 mins 18.16 secs but in netstat, activeports, fport they dont! does anybody know where they have come from? i googled for ages but dont seem to be getting anywhere. thanks joe
Current thread:
- ghostly mail ports joe (Jan 09)
- Re: ghostly mail ports Brian Bruns (Jan 10)
- Re: ghostly mail ports KEvin (Jan 10)
- RE: ghostly mail ports David Gillett (Jan 10)
- RE: ghostly mail ports Brian Bruns (Jan 10)
- Re: ghostly mail ports Florian Hobelsberger / BlueScreen (Jan 10)
- Re: ghostly mail ports adam (Jan 11)
- Re: ghostly mail ports John Jasen (Jan 11)
- Re: ghostly mail ports Don Voss (Jan 11)
- Re: ghostly mail ports GSimmonds (Jan 14)
- <Possible follow-ups>
- RE: ghostly mail ports Security Newsletters-TM (Jan 10)
- Re: ghostly mail ports joe (Jan 10)
- Re: ghostly mail ports Brian Bruns (Jan 13)