Ports 25, and 110

Hi all,
I ran the TCP Inspector utility on TDS3, in the past it has always shown all ports checked as "failed" however today it shows ports 25 (SMTP) and 110 (POP)
as "connected". I know that these ports are associated with my e mail, but why are they "connected" now, they were not before? is it because I have decided to leave Outlook Express on my computer since I re -installed? (I never used it before because of its bad reputation for e mail virus etc.) I did an online check at "Shields Up" and the check showed that all my ports were "stealth" and that ports 25 and 110 were not open.
I am now "confused". am I at risk?

 

Hi Tut,

They will periodically be in Connected state when checking email. Have you tried repeating your findings to see if they stay consistent? If there is any inconsistency then we can say that this is normal. You might try to use DCS's Port Explorer or Openports to see what is shows across time

 

Hi Dan,
TCP Inspector shows ports 25 & 110 "connected" every time I use it now. Port Explorer dosn`t show port 25 or 110 when I open it.

 

So maybe it is an OE issue then, I can't say since I don't use it. You might need to look at the activity from within Port Explorer or OpenPorts to make sure that those ports are held by OE. Chances are great that they are, otherwise your OE would likely fail to send or receive email unless there were a hacktool holding those ports and "proxying" for OE but that is unlikely. Still, the best thing to do is to confirm which process is holding those ports.

If you want to try with openports you can download from

http://www.diamondcs.com.au/downloads/openports.zip

Unzip openports.exe in your Windows directory, and open up your Command Prompt and type;

openports > openports.txt

and then press the Enter key

Then type;

openports.txt

and press the Enter key again, and then copy the contents of the file in Notepad and paste it here for us to review

 

Hello Dan,
I am running on windows ME so Open Ports is not an option for me. Should I uninstall Outlook Express?
I normaly use yahoo mail, (in the past when I had not got Outlook installed, ports 25 & 110 wre always shown as "failed" in TCP Inspector)

 

Interesting, even with OE installed, if you are not using it those ports should not be held by it. Since you are using 98 the only recourse is to use PortExplorer demo

http://www.diamondcs.com.au/portexplorer/downloads/pedemosetup.exe

You can also try removing OE but if the Inspector results still show the ports are open we are not too much closer to knowing the reason without PortExplorer

 

A big HMMMM for uninstalling OE:
on win9x systems (maybe all windows versions, not sure) windows explorer, internet explorer and outlook express are rather one integrated part, problems in the one can in many cases being solved with a repair install of IE, so i'm not all too sure which instabilities can come of uninstalling any of them. All might be well, or it might be a disaster. Before you do such an experiment, make sure you have a working system restore point.
Did you ever initialise OE or made accounts in it?
The fun of the integration is, if you want some changes in OE, like reading your emails in the Internet Zone, you need to configure such things in IE; to make sure OE is not going to call out for email collection when you're not online in both OE and IE for the standard connection the option should be set to "never choose a connection" so you can browse off line too.
Maybe those reserved or open ports have to do with this structure too.

I use OE all the time with extra email protection and security patching .. i need it to be able to run scripts like msagent scripts

 

Hi all,
I tried TDS TCP Inspector again just now, it still shows ports 25 & 110 as "connected" it would appear to be a permanent state. I am a registered user of Port Explorer, I have just run P.E. but it does not show either port 25 or port 110, which is why I am confused. Surely if a port is "connected" it would show in port explorer?

 

Yes indeed Tut,

either shown as "connected" or "listening". If it is not shown in PE I would be inclined to think that somehow the TDS port inspector is incorrect that that would be strange as well.

 

HI again,
I am still seeing ports 25 & 110 shown as "connected" when using TCP Inspector, but not seeing them when using P.E. I have even uninstalled Sygate firewall, and installed Zone Alarm to see if that made any difference, NO still the same. I guess that will be the permanent state from now on. still all my checks show nothing to be wary about.

 

I have the same issue. TDS3's common port check pluggin always shows port 25 as open. This was never the case before (as in 4 months ago). Also, in Port Explorer port 25 is never listed as connected, listening, open or anything else.

What uppa? Is it a problem with TDS3's common ports check plugin...? Shields-Up and other online security checks report port 25 as stealth.

 

To confirm if a port is indeed open, try using the telnet utility that comes with most operating systems - usually available from the command prompt/console. As long as telnet has appropriate access rights with your firewall then there shouldn't be any problems with a command like this:
telnet <address> <port>
Example: telnet www.diamondcs.com.au 80

For your particular case, try the following ...
telnet 127.0.0.1 25
... but if port 25 really was open, it should be showing in netstat

Best regards,
Wayne

 

Sounds like part of your configuration of Outlook Express and Internet Explorer.
I set it to collect email every 20 minutes and if there is no connection with internet not to go online for that either, emails are sent in those same occasions and not immediately after composing them, and in IE i configured to never dial for making a connection.
So this leaves you with a manual connection to internet and only a few times an hour for the port to be open.
I checked my common ports in that plugin and none open.