I recently scanned some of my computers with a 
languard beta scanner that I have been using for 
years.  And then scanned some computers on my 
subnet and then on other subnets.  They all 
showed ports 25 and 110 open.  Since I never got 
false results from my languard beta in years, I 
immediately suspected that all of these computers 
were infected with some type of spam bot.  I 
picked out one machine and installed every type 
of free port monitor on it that I could 
find.  All results showed that the ports 25 
and 110 are not open.  I think our firewall guys, 
they just started installing and learning about 
firewalls, have it set up so that the firewall 
intercepts any telnet session to 25 or 110 and 
gives it a window.  Is this possible?

  I have not tried moving my languard beta 
scanner outside the firewall to test the ports.

On another note, a few years ago, I used the 
languard scanner to look for a trojan that was 
infecting computers and found a port open on a 
linux machine that corresponded to the port the 
trojan was infecting.  Come to find out, the 
linux machine was using some type of proprietary 
software that used the same port as the 
trojan.  We said, eh ok, you are clean, you can get back on the network.


At 02:47 PM 4/9/2009, Derek Lidbom wrote:
>Are they UDP ports?
>
>Does it say immediately after it checks them that they are closed again?
>
>My guess would be Languard sees the port number 
>and immediately associates with Trojan, without 
>checking to see if it is udp or tcp.
>
>
>
>From: David Lum [mailto:david....@nwea.org]
>Sent: Thursday, April 09, 2009 2:42 PM
>To: NT System Admin Issues
>Subject: RE: Too to find what .exe has a port open
>
>NETSTAT…I shoulda known
>
>Netstat -ano shows nothing in that range.
>
>Hey, if you have TCPView running when you also 
>run a Nessus scan on same system…now that’s funny right there…
>
>Nessus shows nothing, TCPView shows nothing, 
>NETSTAT shows nothing…only Languard shows something at those ports…
>
>Dave
>
>From: Michael B. Smith [mailto:mich...@owa.smithcons.com]
>Sent: Thursday, April 09, 2009 11:23 AM
>To: NT System Admin Issues
>Subject: RE: Too to find what .exe has a port open
>
>KISS
>
>"netstat -ano". The "o" gives you the process 
>owning the port, which you can use TaskList or Task Manager to find.
>
>If it isn't in the list - you've been pwned. (probably)
>
>
>----------
>From: David Lum [david....@nwea.org]
>Sent: Thursday, April 09, 2009 2:22 PM
>To: NT System Admin Issues
>Subject: RE: Too to find what .exe has a port open
>Perfect thanks!
>
>Now I have something, or not…GFI Languard 
>scanned a machine that says I have two KiLo 
>ports open (6666,6667). TCPView shows nothing in that range….comments?
>
>Dave
>
>From: Jake Gardner [mailto:jgard...@ttcdas.com]
>Sent: Thursday, April 09, 2009 11:12 AM
>To: NT System Admin Issues
>Subject: RE: Too to find what .exe has a port open
>
>TCPView from SysInternals
>
>Thanks,
>
>Jake Gardner
>TTC Network Administrator
>Ext. 246
>
>
>
>----------
>From: David Lum [mailto:david....@nwea.org]
>Sent: Thursday, April 09, 2009 2:09 PM
>To: NT System Admin Issues
>Subject: Too to find what .exe has a port open
>I have tools that tell me WHAT port is open, but 
>nothing to tell me what app has the port open. 
>What do you guys use? (yes probably discussed here before…)
>David Lum // SYSTEMS ENGINEER
>NORTHWEST EVALUATION ASSOCIATION
>(Desk) 971.222.1025 // (Cell) 503.267.9764
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Derek Lidbom
>Director of Technology and Interactive Development, Trone
>336.812.2010
>dlid...@trone.com



--------Andy-Ofalt---863-3449------405-Ag-Admin-Bldg------for 
more information go  to 
http://ict.cas.psu.edu/Contacts.html  ---------- 
My little blurb to eat up bandwidth and make your mail box even larger
+++++++++++++++++++++++++++++++++++++++++++++++++++
  The real problem is that IP, a connectionless 
protocol, was never developed to be the universal 
protocol. ATM was developed to serve that purpose and failed.
+++++++++++++++++++++++++++++++++++++++++++++++++++
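
The cross-check discussed in this thread, as an added example that is not part of the original messages: it parses `netstat -ano` output and compares the host's own listeners with the ports a remote scanner reported open, keeping TCP and UDP separate. The sample output, PIDs and function names are constructed for illustration.

```python
# Constructed sample of `netstat -ano` output from a Windows host (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49210     10.0.0.5:25            ESTABLISHED     2312
  TCP    [::]:3389              [::]:0                 LISTENING       1020
  UDP    0.0.0.0:6667           *:*                                    1488
"""

def parse_listeners(netstat_text):
    """Return {(proto, port): pid} for TCP LISTENING sockets and bound UDP sockets."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local, pid = fields[0], fields[1], int(fields[-1])
        # UDP rows have no State column; TCP rows count only when LISTENING,
        # so an outbound connection *to* port 25 is not mistaken for a listener.
        if proto == "TCP" and (len(fields) < 5 or fields[3] != "LISTENING"):
            continue
        port = int(local.rsplit(":", 1)[1])  # rsplit copes with [::]:3389
        listeners[(proto, port)] = pid
    return listeners

def triage(scanner_ports, netstat_text):
    """Compare ports a remote scanner called open with what the host itself binds."""
    listeners = parse_listeners(netstat_text)
    report = {}
    for port in scanner_ports:
        tcp = listeners.get(("TCP", port))
        udp = listeners.get(("UDP", port))
        if tcp is not None:
            report[port] = f"TCP listener, PID {tcp}"
        elif udp is not None:
            report[port] = f"UDP only, PID {udp}"
        else:
            # Nothing bound locally: the reply came from a device on the path,
            # the scanner misreported, or the socket is hidden from netstat.
            report[port] = "no local listener"
    return report

if __name__ == "__main__":
    for port, verdict in triage([25, 110, 445, 6666, 6667], SAMPLE_NETSTAT).items():
        print(port, verdict)
```

A PID from the report can then be resolved to an executable with TaskList or Task Manager, as suggested in the thread.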
