[Dshield] netgear rp114 & port 110 open
josh at raintreeinc.com
Sat Feb 14 23:38:19 GMT 2004
> While connected from a client's site, I decided to run a port scan of my
> home system's IP and found port 110 open.
Excellent idea :) Kinda fun, too, I think.
> The system is protected by an
> RP114 with a custom set of rules that are supposed to block all
> attempts to connect.
> Question is does anyone else here have a RP114 and know why this <1024
> port is scannable/telnetable? I get nothing entering POP3 commands, yet
> telnet does definitely connect to port 110.
Weird... You don't have some port forwarding set up, do you? For
example, say you have a rule set up to forward to some internal IP ...
and nothing waiting at that IP for that traffic. It is a *really* long
shot, but it could be that the router OS sucks enough to let telnet
connect despite the lack of a waiting box on the other side.
> Could this be Comcast's servers doing some sort of intercept of port 110
> and not my system at all?
Possibly; it probably wouldn't be all that difficult... any thoughts as
to why they would care, though? My understanding is Comcast (with whom I
have no personal experience, I admit) isn't the most responsive when it
comes to security. Hijacking their users' ports is an interesting thing
to do if you don't particularly care about security.
> Is there a way I can grab remote MAC & see if
> it's my RP114?
Not really. As soon as the packet crosses from your home router into
some other collision domain, the source MAC gets changed, and the
original is forgotten.
> I know the IP is correct as I have the daily logs sent to
> me and that is the IP from last night's log.
So you have some other options... 1) Go to someone else's network
outside of Comcast and try the same scan again -- see if you get the
same results (you probably will). 2) I don't know what your router is
logging specifically, but you can do some noisy scan or something that
will show up in the logs and then check the next email your router sends
you to see if it really is in there. 3) If you have the hardware
available, pull your router out for a while and put it between two boxen
with sniffers, nmap, etc., and hammer on it to see what you can find out.
> Joshua MacCraw
> warpmedia at comcast.net
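
Added example, not part of the original message: a small probe for the check discussed in this thread, run against your own address, that separates a refused or filtered port from one that completes the TCP handshake but never speaks POP3 (the behaviour reported above). The names `probe_pop3` and `_read` and the default target are this example's own assumptions.

```python
import socket
import sys


def _read(sock):
    """Return what the peer sends before the timeout, or b'' if nothing."""
    try:
        return sock.recv(512)
    except OSError:  # covers timeouts and connection resets
        return b""


def probe_pop3(host, port=110, timeout=3.0):
    """Classify what answers on a TCP port expected to carry POP3.

    closed   - connection refused (a RST came back)
    filtered - no reply to the SYN within the timeout
    pop3     - peer sent the '+OK' greeting a POP3 server sends first
    other    - peer sent something, but not a POP3 greeting
    silent   - handshake completed, nothing answered even after QUIT
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("closed", "")
    except socket.timeout:
        return ("filtered", "")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        data = _read(sock)  # a real POP3 server greets without being asked
        if not data:
            try:
                sock.sendall(b"QUIT\r\n")  # harmless command any POP3 server answers
                data = _read(sock)
            except OSError:
                data = b""
    text = data.decode("latin-1").strip()
    if not text:
        return ("silent", "")
    first = text.splitlines()[0]
    return ("pop3" if first.startswith("+OK") else "other", first)


if __name__ == "__main__":
    # 127.0.0.1 is a placeholder default; pass your own public address instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, probe_pop3(target))
```

A `silent` result matches the telnet behaviour described above: something accepts the connection, but no POP3 service answers behind it. Repeating the probe from a network outside the ISP, as suggested in option 1, shows whether the result depends on the path.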