[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 866
  • Last Modified:

Port 110 should be closed, but shows open.

I've been fighting with this for a while.  I have a firewall on our Netopia router.  I have blocked port 110 for incomming and outgoing connections, also I have NAT enabled on this router and I am not translating port 110 to anything.

Still when I run a port scan I show that port 110 is open, but when I telnet the port it opens a connection but is just a blank screen.

I am afraid that it is a trojan horse, but I do not know how to find out what machine on our network has it.  Any suggestions will be greatly appreciated.

Thank you,

Fernando.
0
JFercan
Asked:
JFercan
  • 3
  • 2
  • 2
  • +2
1 Solution
 
Nemesis-ServicesCommented:
when you do a port scan, are you port scanning the firewall router ? also when you telnet into port 110 is this also the router ip address?

Also look at The Display/Change Input Filter screen and it will list ports that the firewall router is actively using / listening on.
0
 
JFercanAuthor Commented:
Yes, I do scan the firewall router.  Also I do telnet to port 110 of the router, but as I said, I do not see anything, not event what I type (Only uderscores are shown when I type).

When I look at Display/Change Input Filter I only see my input rules, I do not see if the port is active at that time or not.

Port port 110 I have the following:

Source: 0.0.0.0
Dest:     0.0.0.0
Prot:      TCP
Source:  NC
Dest:     =110
On:        Yes
Fwd:       No

I thought this will block that port, but it still shows open, then I thought a machine from the inside was opening the port, so I create an output filter to block this port, but it still shows open on my scan.

Thank you,

Fernando.
0
 
Nemesis-ServicesCommented:
go into the filter rule and take off port 110 and then submit the changes and also switch off the router as I've noticed that a reboot of the router doesn't take the neccessary changes and then try a scan again.
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 
JFercanAuthor Commented:
I did and it still shows open.

Woudl having port 25 open and routed to our SMTP server make a difference?  We are running Qmail on Redhat 8 (I am thinking of upgrading).  Anyway, the router uses NAT to send requests on 25 to this machine, I still do not know what machine port 110 goes to as I do not have a map for this port.

Is there a trojan that opens this port from the inside?

Thank you.

Fernando
0
 
Julian_CCommented:
No, my guess is it's the Virus scanner you are running from the machine you are doing the scan from. As this AV catches all incoming and outgoing mails it messes with port scans and it is very common to get 110 and/or  25 open for every client you ever scan. Try disabling it (service and everything to make sure) and have another go. And make sure your not behind a client FW either as these can mess you up too.

Cheers
Julian
0
 
idyllicsysCommented:
Are you scanning from inside the firewall or outside? Try going to grc.com and run shields up to see if it is open to the world.
0
 
JFercanAuthor Commented:
Thank you Julian_C,

As soon as I disable Norton's Email Scanner the ports stopped showing open.  After I enabled it again the ports showed open again.

Thank you for your help.

Fernando!
0
 
Julian_CCommented:
No problem. I speak from experience! Had me going for a while too.

Cheers
Julian
0
 
nummagumma2Commented:
Great answer - thank you, just kept me from having a heart attack about my firewall(s). =)
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now