Hi i read a similar problem in a newsgroup some days ago, it seems that the person who posted it had a firewall/virus scanner (norton i think) and that the virus scanner was watching incoming (and departing) mail, thus waiting on the ports 25 and 110.
Have you tried tcpview from sysinternal ? it's a good utility that could be helpful to determine what application is listening ... KEvin ----- Original Message ----- From: "joe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, January 08, 2003 1:45 AM Subject: ghostly mail ports > Hi, im new to security and this is my first post, so be gentle :) > > I have a fairly good understanding of the tcp/ip model and i think i > understand what ports are for! but i cant understand that on my box, i have > the 2 default mail ports (25 and 110) open. Its a windows 2000 box, service > pack three. Im pretty sure im not running a mail server of any description. > > The ports appear in box scanline and superscan eg > > C:\>sl -bht 1-1000 192.168.0.1 > ScanLine (TM) 1.01 > Copyright (c) Foundstone, Inc. 2002 > http://www.foundstone.com > > Scan of 1 IP started at Wed Jan 08 00:36:51 2003 > > -------------------------------------------------------------------------- -- > - > 192.168.0.1 > Responded in 0 ms. > 0 hops away > Responds with ICMP unreachable: No > TCP ports: 25 110 135 139 445 > > > -------------------------------------------------------------------------- -- > - > > Scan finished at Wed Jan 08 00:37:09 2003 > > 1 IP and 1000 ports scanned in 0 hours 0 mins 18.16 secs > > but in netstat, activeports, fport they dont! does anybody know where they > have come from? i googled for ages but dont seem to be getting anywhere. > > > > thanks > > joe > > >
