[Dshield] netgear rp114 & port 110 open

Tom Meier sec-alert at gmx.net
Mon Feb 16 11:01:34 GMT 2004


its possible ur costumer have symantec norton antivirus installed. the
antivirus engine have a port forward to 110.

When u scan a ip the port 110 is always open. u can test this with a non
existent ip in the customer network, u will see the port 110 is open.

I think the port 110 is not open on ur home router. make a internet based
portscan from ur home pc, for example use the gibson research scanner
Shields UP (www.grc.com).




----- Original Message ----- 
From: "warpmedia" <warpmedia at comcast.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Saturday, February 14, 2004 10:22 AM
Subject: [Dshield] netgear rp114 & port 110 open


While connected from a clients site, I decided to run a port scan of my
home system's IP and found port 110 open. The system is protected by an
RP114 with a custom set of rules that are supposed to be block all attempts
to connect.

Question is does anyone else here have a RP114 and know why this <1024 port
is scannable/telnetable? I get a nothing entering POP3 commands.yet telnet
does definitely connect to port 110.

Could this be Comcast's servers doing some sort of intercept of port 110
and not my system at all? Is there a way I can grab remote MAC & see if
it's my RP114? I know the IP is correct as I have the daily logs sent to me
and that is the IP from last nights log.



Joshua MacCraw
warpmedia at comcast.net
http://mywebpages.comcast.net/jmaccraw

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list






More information about the list mailing list