Are you running an antivirus package that checks incoming and outgoing email messages? If so, it may be reconfiguring things in the background so that your email client connects locally to the antivirus package, which then makes the actual SMTP and POP connections to the remote server(s) you use. The first generation of such packages weren't good at hiding they were doing, or at explaining it to users -- and as a result, a lot of mid-range users were stumbling across weird-looking email configurations and "fixing" them, not realizing they were actually breaking the antivirus protection they had installed. The newer generation of products seem to have simply gotten much better at hiding themselves. But if they hid themselves perfectly, they couldn't work at all....
Dave Gillett > -----Original Message----- > From: joe [mailto:[EMAIL PROTECTED]] > Sent: January 7, 2003 16:45 > To: [EMAIL PROTECTED] > Subject: ghostly mail ports > > > Hi, im new to security and this is my first post, so be gentle :) > > I have a fairly good understanding of the tcp/ip model and i think i > understand what ports are for! but i cant understand that on > my box, i have > the 2 default mail ports (25 and 110) open. Its a windows > 2000 box, service > pack three. Im pretty sure im not running a mail server of > any description. > > The ports appear in box scanline and superscan eg > > C:\>sl -bht 1-1000 192.168.0.1 > ScanLine (TM) 1.01 > Copyright (c) Foundstone, Inc. 2002 > http://www.foundstone.com > > Scan of 1 IP started at Wed Jan 08 00:36:51 2003 > > -------------------------------------------------------------- > -------------- > - > 192.168.0.1 > Responded in 0 ms. > 0 hops away > Responds with ICMP unreachable: No > TCP ports: 25 110 135 139 445 > > > -------------------------------------------------------------- > -------------- > - > > Scan finished at Wed Jan 08 00:37:09 2003 > > 1 IP and 1000 ports scanned in 0 hours 0 mins 18.16 secs > > but in netstat, activeports, fport they dont! does anybody > know where they > have come from? i googled for ages but dont seem to be > getting anywhere. > > > > thanks > > joe > >
