Ports 25, and 110

Discussion in 'Trojan Defence Suite' started by tutankamon, Jan 15, 2004.

Thread Status:
Not open for further replies.
  1. tutankamon

    tutankamon Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    170
    Location:
    Lancashire U.K.
    Hi all,
    I ran the TCP Inspector utility on TDS3. In the past it has always shown all ports checked as "failed"; however, today it shows ports 25 (SMTP) and 110 (POP) as "connected". I know that these ports are associated with my e-mail, but why are they "connected" now, when they were not before? Is it because I have decided to leave Outlook Express on my computer since I re-installed? (I never used it before because of its bad reputation for e-mail viruses etc.) I did an online check at "Shields Up" and the check showed that all my ports were "stealth" and that ports 25 and 110 were not open.
    I am now "confused". Am I at risk?
     
  2. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi Tut,

    They will periodically be in Connected state when checking email. Have you tried repeating your findings to see if they stay consistent? If there is any inconsistency then we can say that this is normal. You might try to use DCS's Port Explorer or Openports to see what it shows across time.
     
  3. tutankamon

    tutankamon Registered Member

    Hi Dan,
    TCP Inspector shows ports 25 & 110 "connected" every time I use it now. Port Explorer doesn't show port 25 or 110 when I open it.
     
  4. Dan Perez

    Dan Perez Retired Moderator

    So maybe it is an OE issue then, I can't say since I don't use it. You might need to look at the activity from within Port Explorer or OpenPorts to make sure that those ports are held by OE. Chances are great that they are, otherwise your OE would likely fail to send or receive email unless there were a hacktool holding those ports and "proxying" for OE but that is unlikely. Still, the best thing to do is to confirm which process is holding those ports.

    If you want to try with openports you can download from

    http://www.diamondcs.com.au/downloads/openports.zip

    Unzip openports.exe in your Windows directory, and open up your Command Prompt and type;

    openports > openports.txt

    and then press the Enter key

    Then type;

    openports.txt

    and press the Enter key again, and then copy the contents of the file in Notepad and paste it here for us to review
     
  5. tutankamon

    tutankamon Registered Member

    Hello Dan,
    I am running on Windows ME so Open Ports is not an option for me. Should I uninstall Outlook Express?
    I normally use Yahoo Mail (in the past, when I had not got Outlook installed, ports 25 & 110 were always shown as "failed" in TCP Inspector).
     
  6. Dan Perez

    Dan Perez Retired Moderator

    Interesting, even with OE installed, if you are not using it those ports should not be held by it. Since you are using 98 the only recourse is to use PortExplorer demo

    http://www.diamondcs.com.au/portexplorer/downloads/pedemosetup.exe

    You can also try removing OE but if the Inspector results still show the ports are open we are not too much closer to knowing the reason without PortExplorer
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    A big HMMMM for uninstalling OE:
    On Win9x systems (maybe all Windows versions, not sure) Windows Explorer, Internet Explorer and Outlook Express are rather one integrated part; problems in the one can in many cases be solved with a repair install of IE, so I'm not all too sure which instabilities can come of uninstalling any of them. All might be well, or it might be a disaster. Before you do such an experiment, make sure you have a working system restore point.
    Did you ever initialise OE or make accounts in it?
    The fun of the integration is, if you want some changes in OE, like reading your emails in the Internet Zone, you need to configure such things in IE; to make sure OE is not going to call out for email collection when you're not online, in both OE and IE for the standard connection the option should be set to "never choose a connection" so you can browse offline too.
    Maybe those reserved or open ports have to do with this structure too.

    I use OE all the time with extra email protection and security patching... I need it to be able to run scripts like msagent scripts :)
     
  8. tutankamon

    tutankamon Registered Member

    Hi all,
    I tried TDS TCP Inspector again just now. It still shows ports 25 & 110 as "connected"; it would appear to be a permanent state. I am a registered user of Port Explorer. I have just run P.E. but it does not show either port 25 or port 110, which is why I am confused. Surely if a port is "connected" it would show in Port Explorer?
     
  9. Dan Perez

    Dan Perez Retired Moderator

    Yes indeed Tut,

    Either shown as "connected" or "listening". If it is not shown in PE I would be inclined to think that somehow the TDS port inspector is incorrect, but that would be strange as well.
     
  10. tutankamon

    tutankamon Registered Member

    Hi again,
    I am still seeing ports 25 & 110 shown as "connected" when using TCP Inspector, but not seeing them when using P.E. I have even uninstalled Sygate firewall and installed Zone Alarm to see if that made any difference. No, still the same. I guess that will be the permanent state from now on. Still, all my checks show nothing to be wary about.
     
  11. Snook

    Snook Registered Member

    Joined:
    Jun 19, 2003
    Posts:
    182
    I have the same issue. TDS3's common port check plugin always shows port 25 as open. This was never the case before (as in 4 months ago). Also, in Port Explorer port 25 is never listed as connected, listening, open or anything else.

    What uppa? Is it a problem with TDS3's common ports check plugin...? Shields-Up and other online security checks report port 25 as stealth. o_O
     
  12. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    To confirm if a port is indeed open, try using the telnet utility that comes with most operating systems - usually available from the command prompt/console. As long as telnet has appropriate access rights with your firewall then there shouldn't be any problems with a command like this:
    telnet <address> <port>
    Example: telnet www.diamondcs.com.au 80

    For your particular case, try the following ...
    telnet 127.0.0.1 25
    ... but if port 25 really was open, it should be showing in netstat

    Best regards,
    Wayne
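
The telnet check from the post above, written as a script. This is an added example, not part of the original thread and not a DiamondCS tool; the function names are hypothetical. It makes the same TCP connection to the loopback address and also reads the greeting line, because an SMTP server greets with "220" and a POP3 server with "+OK", which helps show what is actually answering on the port.

```python
import socket

# First token a genuine mail service sends on connect.
EXPECTED_GREETING = {25: "220", 110: "+OK"}


def check_port(host, port, timeout=3.0):
    """Do what `telnet host port` does and read the first line sent back.

    Returns (state, banner). state is "open", "closed" (connection refused),
    "filtered" (no reply within the timeout) or "unreachable".
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", ""
    except socket.timeout:
        return "filtered", ""
    except OSError:
        return "unreachable", ""
    with sock:
        try:
            data = sock.recv(256)
        except OSError:
            data = b""  # connected, but the peer stayed silent or reset
    banner = data.split(b"\r\n")[0].decode("ascii", "replace").strip()
    return "open", banner


def greeting_matches(port, banner):
    """True when the banner starts the way the port's mail protocol should."""
    expected = EXPECTED_GREETING.get(port)
    return expected is not None and banner.startswith(expected)


if __name__ == "__main__":
    for port in (25, 110):
        state, banner = check_port("127.0.0.1", port)
        note = ""
        if state == "open":
            ok = greeting_matches(port, banner)
            note = " (expected greeting)" if ok else " (unexpected greeting)"
        print(f"127.0.0.1:{port} {state} {banner!r}{note}")
```

A port reported "open" here should also appear as listening in netstat or Port Explorer; if it does not, the two tools disagree and the process holding the port still needs to be identified.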
     
  13. Jooske

    Jooske Registered Member

    Sounds like part of your configuration of Outlook Express and Internet Explorer.
    I set it to collect email every 20 minutes and, if there is no connection with the internet, not to go online for that either. Emails are sent on those same occasions and not immediately after composing them, and in IE I configured it to never dial for making a connection.
    So this leaves you with a manual connection to internet and only a few times an hour for the port to be open.
    I checked my common ports in that plugin and none open.
     