[Dshield] netgear rp114 & port 110 open

Stephane Grobety security at admin.fulgan.com
Mon Feb 16 14:47:14 GMT 2004

TM> it's possible ur customer has symantec norton antivirus installed.
TM> the antivirus engine has a port forward to 110.

What do you mean by a "port forward"? The words "port forwarding" are
used for the technique that consists of having a machine forward any or
all connections it accepts on a specific port to another machine. It's
mostly used in NAT devices so that you can place a server on the
internal network.

Also, the port number is not enough to know what you're trying to do
(it's actually pretty useless). What protocol is it using? I guess
you're talking about TCP (and will assume so) but please be specific.

TM> When u scan an ip the port 110 is always open. u can test this with a non
TM> existent ip in the customer network, u will see the port 110 is open.

Depending on how the router behaves (if it's actually proxying the
connection instead of simply forwarding the packets) then this is
normal. Since port TCP/110 is POP3, it could very well be that the
router is trying to act as a relay system.

Otherwise, could you explain exactly what you're doing and
what you are seeing?

TM> I think the port 110 is not open on ur home router. make an internet-based
TM> portscan from ur home pc, for example use the gibson research scanner
TM> Shields UP (www.grc.com).

Ah Gibson...

*brr* Let's shy away from this sensitive "subject"...

But you mentioned doing a portscan from an external machine: what
kind of portscan are you doing? SYN? Full TCP connect? If you
connect to that port, are you seeing a banner? If so, what does it
read? Are you using NAT? Are you running a SERVER or trying to
connect as a client? Could you check the words you're using to be
sure that they mean what you want them to mean (ahem... ok, I got a
bit carried away with this one ;) )

I think you must explain what you're doing and seeing in much more
detail if you want any specific answers.

Good luck,
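
Added example, not part of the original message: a Python check that tells "something accepted the TCP connection on 110" apart from "a POP3 server greeted us", which is the banner question asked above. The loopback listeners and the silent-interceptor behaviour are constructed assumptions for illustration, not captured from a Netgear RP114 or any antivirus product.

```python
import socket
import threading

def classify_port(host, port, timeout=1.0):
    """Full TCP connect, then wait for the greeting a POP3 server sends first ('+OK ...')."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:                      # refused, unreachable or timed out
        return "closed-or-filtered"
    with sock:
        sock.settimeout(timeout)
        try:
            banner = sock.recv(512)
        except socket.timeout:
            return "accepted-no-banner"  # handshake completed, but nothing spoke POP3
        except OSError:
            return "accepted-then-reset"
    if not banner:
        return "accepted-then-closed"
    return "pop3-banner" if banner.startswith(b"+OK") else "other-banner"

_held = []  # keeps silent connections referenced so they are not closed early

def start_listener(greeting=None):
    """Constructed loopback stand-in; returns its port. greeting=None accepts and stays silent."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            if greeting is None:
                _held.append(conn)       # assumed behaviour of an intercepting proxy
            else:
                conn.sendall(greeting)
                conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    real = start_listener(b"+OK POP3 server ready\r\n")   # constructed banner
    silent = start_listener(None)
    print("real server:", classify_port("127.0.0.1", real))
    print("interceptor:", classify_port("127.0.0.1", silent))
```

A connect-only scan reports both listeners as "open"; only the banner step separates them.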

