pop3 open?


Russ
02-06-2004, 23:25
I've just done a firewall test and it came up saying port 110 was open - I use Spam Inspector if that's any help and I'm running Zone Alarm Pro....help!

carlingman
03-06-2004, 01:01
I've just done a firewall test and it came up saying port 110 was open - I use Spam Inspector if that's any help and I'm running Zone Alarm Pro....help!

AFAIK this port should only be open if you are running a mail server.

Not sure what AV you're using but for Nortons 2003.

Norton Personal Firewall 2003 for port 110.

Normally the port is used by e-mail to send and receive mail.

You can configure rules though for port 110.

Open Norton Internet Security window, choose personal firewall.

Choose Configure, then advanced, then general rules then add and the add rule box should appear.

Choose allow internet access and next.

You should then get a new box.

Choose connections to and from other computers and next.

Another box appears and if you are not running a mail server choose "Only the computers and sites listed below" and then add.

You should then see a specify computers box appear.

You can then enter addresses on their own or in a range if you have a network.

You can also limit this to your ISP.

There then should be an option to click and close the box and choose next.

Then you should get a new box where you can select TCP & UDP,

Choose only them types and then add.

You will then get the option to specify ports.

Choose known ports and local and look down the list and tick port 110 and ok.

In the tracking box, wack on tracking options and next and in the next box that shows up give the rule you have just created a name then next and finish.

Look down to the bottom of the rules list and click the move up button so the rule is at the top and click ok.

Alternatively ignore all of the above if you have not got Nortons etc.

But you can do similar in Zone Alarm as well by creating rules.

:D

Paul
03-06-2004, 01:17
I've just done a firewall test and it came up saying port 110 was open - I use Spam Inspector if that's any help and I'm running Zone Alarm Pro....help!

That would be Spam Inspector.

It runs locally on port 110 - your e-mail client then connects to Spam Inspector and SI then connects to your ISP's mail server.

Many anti-spam programmes work this way (such as PopFile which I use).

greencreeper
03-06-2004, 17:34
In Spampal, which sounds a similar product (email proxy), you can configure whether it just listens locally or not. Basically, you set it to listen on 127.0.0.1 and only accept requests from 127.0.0.1 (i.e. localhost).

Russ
03-06-2004, 17:35
Ok ok, someone speak english please......I'm running ZAP and Norton AV 2004, how do I deal with this?!?

greencreeper
03-06-2004, 17:39
Ok ok, someone speak english please......I'm running ZAP and Norton AV 2004, how do I deal with this?!?

Find the configuration settings for Spam Inspector - look for settings relating to the IP address it listens on and some sort of access control that specifies what IP addresses can connect. Should only listen and allow locally. Sounds like you're providing a service to the Internet :) You could block incoming connections but that would be a bodge and may prevent Spam Inspector from working correctly.

Paul
03-06-2004, 18:05
Ok ok, someone speak english please......I'm running ZAP and Norton AV 2004, how do I deal with this?!?

You don't - there is nothing you need to do - it is working as expected.

Russ
03-06-2004, 18:09
But can someone get in that way though? It's an open port.

Paul
03-06-2004, 18:14
But can someone get in that way though? It's an open port.

Someone has been reading too many security warnings ;) - open port does not equal problem.

Short answer is no - every pop3 server in the world has port 110 open, but I've yet to see anyone hack into them via it - and in this case it's almost certainly only open on your machine anyway - not to anyone else. :D

greencreeper
03-06-2004, 18:18
You don't - there is nothing you need to do - it is working as expected.

I don't see how a firewall test could say that port 110 was open unless you could connect to the port from the Internet, which suggests that an email server or proxy has a "proper" IP address rather than 127.0.0.1. This isn't correct surely :confused:

greencreeper
03-06-2004, 18:29
Someone has been reading too many security warnings ;) - open port does not equal problem.

Short answer is no - every pop3 server in the world has port 110 open, but I've yet to see anyone hack into them via it


Surely that's entirely dependent on the software providing POP services? Flaky software could well expose the host machine to an attack.


- and in this case it's almost certainly only open on your machine anyway - not to anyone else

Heck of an assumption to make! :)

darkangel
03-06-2004, 18:32
russ do u have an ntl proxy specified?

Russ
03-06-2004, 18:34
No - I'm running through pipex...

darkangel
03-06-2004, 18:47
No - I'm running through pipex...

ah k forgot that :dunce:, it certainly looks like 1 app is holding the port open, have u checked to make sure the port is actually open using netstat?
you could eliminate the programs 1 by 1 (unless somebody knows an app) and then specify that the program only connects port 110 to specific ip?

SMHarman
03-06-2004, 19:01
Your mail client is effectively asking a local port 110 for mail. That then tells ZA to ask the pipex mail server. It drops it into the ZA inspection area, checks it then passes it back to the mail client.

Port 110 has to be open for this to work.

If you look at the pop mail settings in your mail client they will be slightly different to those you may have originally input as ZA has modified them to act in this manner.

carlingman
03-06-2004, 19:03
To add a bit further to the above.

If you need to establish which port and application is running etc.

Try start/run type in command to get you to a dos window.

Then type - netstat -anon

From that list you will get PID numbers.

Leave the dos window open with the list, go to control alt delete and task manager, click on processes then the view tab then select columns and place a tick in PID.

You can then cross reference from the dos window which PID is using which application.

As mentioned above then you can try eliminating to see if any are causing the port to remain open.

:)

greencreeper
03-06-2004, 19:56
Your mail client is effectively asking a local port 110 for mail. That then tells ZA to ask the pipex mail server. It drops it into the ZA inspection area, checks it then passes it back to the mail client.

Port 110 has to be open for this to work.

If you look at the pop mail settings in your mail client they will be slightly different to those you may have originally input as ZA has modified them to act in this manner.

I have Zone Alarm Pro and Spampal. The latter listens on 127.0.0.1 and only accepts connections from 127.0.0.1. Indeed, if it listens on 127.0.0.1 then it's not able to accept connections from the outside. Installing Zone Alarm didn't change any settings nor would I expect it to. Port 110 only has to be open locally and be locally addressable for everything to work. I can't see why any proxy or server would have to be globally addressable in order to work correctly - Apache works fine with 127.0.0.1, for example.

The Bat ---> Spampal ---> ZA ---> NTL MTA
NTL MTA ---> ZA ---> Spampal ---> The Bat

A Shields Up port scan gave my system a "perfect "TruStealth" rating" - i.e. no ports are open. If Russ is scanning and can connect to port 110, then the email proxy is globally addressable and I don't see any reason for this other than if you wanted to provide spam filtering for others.

Look at the settings for the software listening on 110 rather than trying to configure ZA to block the port!

:confused:

Paul
03-06-2004, 20:07
Surely that's entirely dependent on the software providing POP services? Flaky software could well expose the host machine to an attack.

Heck of an assumption to make! :)

Tell you what - you show me evidence that a single server anywhere has been hacked into via pop3 on port 110 and I'll believe you. :D

Russ - in a dos box type "netstat -an" - you will get something like below;

Proto  Local Address      Foreign Address      State
TCP    0.0.0.0:135        0.0.0.0:0            LISTENING
TCP    0.0.0.0:445        0.0.0.0:0            LISTENING
TCP    0.0.0.0:1025       0.0.0.0:0            LISTENING
TCP    0.0.0.0:2401       0.0.0.0:0            LISTENING
TCP    0.0.0.0:3709       0.0.0.0:0            LISTENING
TCP    0.0.0.0:3765       0.0.0.0:0            LISTENING
TCP    10.27.2.5:139      0.0.0.0:0            LISTENING
TCP    10.27.2.5:1663     207.46.106.173:1863  ESTABLISHED
TCP    10.27.2.5:2701     0.0.0.0:0            LISTENING
TCP    10.27.2.5:13446    0.0.0.0:0            LISTENING
TCP    127.0.0.1:110      0.0.0.0:0            LISTENING
TCP    127.0.0.1:9090     0.0.0.0:0            LISTENING

Look for the LISTENING entry for Port 110 and tell us if the IP address is 127.0.0.1 (as above).
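
[Added example, not part of the original posts: a Python sketch of the check described above, which reads `netstat -an` text and reports whether the listener on a given port is bound to loopback, to every interface, or to one interface. The function names and the sample rows are constructed for illustration; a wildcard bind is only reachable from outside if the firewall also permits it.]

```python
import ipaddress

# Constructed sample in the column layout of Windows `netstat -an`.
SAMPLE = """\
  Proto  Local Address      Foreign Address      State
  TCP    0.0.0.0:135        0.0.0.0:0            LISTENING
  TCP    192.0.2.10:139     0.0.0.0:0            LISTENING
  TCP    192.0.2.10:1663    198.51.100.7:1863    ESTABLISHED
  TCP    127.0.0.1:110      0.0.0.0:0            LISTENING
  TCP    [::1]:9090         [::]:0               LISTENING
  UDP    0.0.0.0:500        *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any IPv6 zone id
    return ipaddress.ip_address(host), int(port)

def exposure(ip):
    """Classify a bind address by who can reach it at the socket level."""
    if ip.is_loopback:
        return "loopback-only"      # 127.0.0.1 / ::1: this machine only
    if ip.is_unspecified:
        return "all-interfaces"     # 0.0.0.0 / ::: every address the host has
    return "single-interface"       # one specific LAN or public address

def listeners(netstat_text, port):
    """Return [(local_endpoint, exposure)] for TCP sockets LISTENING on port."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # With `-ano` a fifth PID column follows; UDP rows have no State column.
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        try:
            ip, local_port = split_endpoint(fields[1])
        except ValueError:
            continue  # header row or an address form this sketch does not parse
        if local_port == port:
            found.append((fields[1], exposure(ip)))
    return found

if __name__ == "__main__":
    for endpoint, kind in listeners(SAMPLE, 110):
        print(endpoint, "->", kind)
```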

greencreeper
03-06-2004, 20:18
Tell you what - you show me evidence that a single server anywhere has been hacked into via pop3 on port 110 and I'll believe you. :D


A quick Google and: http://www.cert.org/advisories/CA-1998-08.html

It might not have been done - we'll never know because very few companies are honest about hacks - but that's a long way from "it can't be done" :D

Russ
28-06-2004, 23:13
Anyone know how to configure Zone Alarm Pro for port 110? It's still showing up as open....

greencreeper
29-06-2004, 03:28
Go here https://grc.com/x/ne.dll?bh0bkyd2 and click "Proceed". Then click the "Common ports" button. Is 110 open?

All ports are closed by default in ZAP, unless you give a program server permissions or specify firewall-level expert rules. So let's say I misconfigured spampal to accept requests from any user rather than only my PC, and I gave spampal internet server permission in ZAP, then 110 would show as open when scanned from the Internet.

If you've downloaded a piece of software and are using that to scan for open ports, then it will give false results because ports can be open locally but still be inaccessible from the Internet, which is on the other side of your firewall.

Russ
29-06-2004, 07:25
That test, just like every other one I do, tells me port 110 is open....

Paul
29-06-2004, 09:17
That test, just like every other one I do, tells me port 110 is open....

I just tried telnetting onto port 110 on your ip and got nowhere - maybe the tests are lying, or ZA is protecting you (or maybe your connection is not online atm, I'll try it again tonight when I know you are on).

greencreeper
29-06-2004, 14:08
That test, just like every other one I do, tells me port 110 is open....

Well you must have configured your firewall to allow a program to listen on port 110. Just have to either revoke that permission or find the program and make sure it only listens locally.

Maggy
29-06-2004, 14:43
Need an aspirin yet Russ? I know I do after reading this.

Can't you just work through ZAP program by program?

greencreeper
29-06-2004, 18:12
He could export his ZAP settings - Overview pane... Preferences tab... Click "Backup". Then post the file here for folks to look at. Not sure how else to resolve this problem - need to know what each program does and what permissions have been given. Don't just click "Yes" at every alert :) Once the program is found, he can then block it and/or reconfigure it to listen locally.

Russ
29-06-2004, 19:08
He could export his ZAP settings - Overview pane... Preferences tab... Click "Backup". Then post the file here for folks to look at. Not sure how else to resolve this problem - need to know what each program does and what permissions have been given. Don't just click "Yes" at every alert :) Once the program is found, he can then block it and/or reconfigure it to listen locally.

I see no 'backup'.....

Is it possible that the problem is being caused by Spam Inspector? That's got permanent permission.

greencreeper
29-06-2004, 19:25
I see no 'backup'.....

Is it possible that the problem is being caused by Spam Inspector? That's got permanent permission.

Yes. What permissions does it have? Can you do what I think Pem suggested - netstat /a at the DOS command prompt.

Backup button shown in the attached screenshot. It's a good idea to save your settings just in case something happens :)

MadGamer
29-06-2004, 23:31
Go here https://grc.com/x/ne.dll?bh0bkyd2 and click "Proceed". Then click the "Common ports" button. Is 110 open?

All ports are closed by default in ZAP, unless you give a program server permissions or specify firewall-level expert rules. So let's say I misconfigured spampal to accept requests from any user rather than only my PC, and I gave spampal internet server permission in ZAP, then 110 would show as open when scanned from the Internet.

If you've downloaded a piece of software and are using that to scan for open ports, then it will give false results because ports can be open locally but still be inaccessible from the Internet, which is on the other side of your firewall.

I passed on that test!

roger_smith
30-06-2004, 19:03
Go here https://grc.com/x/ne.dll?bh0bkyd2 and click "Proceed". Then click the "Common ports" button. Is 110 open?

hmm. According to the test on this page I've failed the test despite all ports being "stealth" :confused:

greencreeper
30-06-2004, 23:32
hmm. According to the test on this page I've failed the test despite all ports being "stealth" :confused:

If you see the green "Passed" image and all your ports have "Stealth" status then you're alright :)

If you really want to hammer your system you can try the "All service ports" test. There are also the File sharing and Messenger Spam tests that look for weaknesses in Windows, particularly XP.

Have a rummage around the site - lots of free utilities that help you check for and close various vulnerabilities.

Richard M
01-07-2004, 17:13
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

Yay me! :D


GRC Port Authority Report created on UTC: 2004-07-01 at 16:11:02

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

1 Ports Open
22 Ports Closed
3 Ports Stealth
---------------------
26 Ports Tested

The port found to be OPEN was: 23

Ports found to be STEALTH were: 21, 25, 80

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

A router is a useful thing to have... :)