Check out the installed Windows Services:
Start => Control Panel => Add/Remove Programs => Add/Remove Windows
Components => IIS Services.
If you've updated any IIS services on that box, you may have
accidentally included the default SMTP Server.
Just an idea.
jmb
-----Original Message-----
From: dave kleiman [mailto:dave_at_isecureu.com]
Sent: Tuesday, March 08, 2005 10:29 PM
To: 'Peter Rodger'; security-basics_at_securityfocus.com
Subject: RE: Port open - help
Peter,
Have you tried to identify what process is listening on those ports:
Netstat -ano
Tcpview http://www.sysinternals.com/ntw2k/source/tcpview.shtml
Vision
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subc
onte
nt=/resources/freetools.htm
CurrPorts http://nirsoft.mirrorz.com/
Regards,
___________________________________________________
Dave Kleiman, CIFI, CISM, CISSP, ISSAP, ISSMP, MCSE
www.SecurityBreachResponse.com www.ComputerForensicInvestigations.com
-----Original Message-----
From: Peter Rodger [mailto:prodger2008_at_yahoo.com]
Sent: Tuesday, March 08, 2005 13:27
To: security-basics_at_securityfocus.com
Subject: Port open - help
Hi, all
I just use nmap to scan our Citrix servers and found out ports 25 aqnd
110 open through public addresses. I can use telnet ip 25/110 and ports
are open. But, no 25/110 services are installed on the Citrix servers.
I used nmap to scan the Citrix servers using internal IP and ports
25/110 are not open. We use PIX 500 as a firewall.
I did not open 25/110 for the Citrix servers on the firewall. Why are
25/110 ports open and how do I solve them?
Thanks for any help!
Peter
__________________________________
Celebrate Yahoo!'s 10th Birthday!
Yahoo! Netrospective: 100 Moments of the Web
http://birthday.yahoo.com/netrospective/
Received on Mar 10 2005
Intro
