Re: [cwe-lug] mail server not running, yet port open

[Robert Citek]

On Wednesday, Jan 19, 2005, at 09:50 US/Pacific, L. V. Lammert wrote:
Sendmail usually starts by default. Check your running processes:
bash-2.05a$ ps ax
  PID TT   STAT      TIME COMMAND
30553 ??  Is      2:28.19 sendmail: accepting connections (sendmail)
What I did on my home machine was to turn on the services network and 
sshd in runlevel 1 and then 'init 1'.  Despite that, nmap still showed 
smtp open and I was still able to telnet to the mail server.  So I 
ssh'ed to an outside box, that is, outside of the hotel complex I'm 
staying at, and redid the nmap:

$ nmap 24.217.196.162
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on cc3-24.217.196.162.charter-stl.com 
(24.217.196.162):
(The 1599 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh
80/tcp     closed      http

Nmap run completed -- 1 IP address (1 host up) scanned in 177 seconds
That looks normal.  What I suspect is that the hotel is running a proxy 
or doing some fancy routing on port 25 (perhaps others) and redirecting 
outbound connections to their own SMTP server.  Here are two telnet 
sessions which demonstrate what I mean:

From my hotel room.  Notice the 220 line which says 
"vbn.0012209.lodgenet.net" :
$ telnet smtp.charter.net 25
Trying 209.225.8.224...
Connected to mail.charter.net.
Escape character is '^]'.
220 vbn.0012209.lodgenet.net ESMTP Exim 3.34 #1 Wed, 19 Jan 2005 
10:29:12 -0800
quit
221 vbn.0012209.lodgenet.net closing connection
Connection closed by foreign host.

From the box outside the hotel complex.  Notice the 220 line which says 
"smtp.charter.net" :
$ telnet smtp.charter.net 25
Trying 209.225.8.224...
Connected to smtp.charter.net.
Escape character is '^]'.
220 charter.net ESMTP
quit
221 charter.net
Connection closed by foreign host.

I wonder how many other ports are like that?  A poorly routed/proxied 
network at a hotel may explain why we cannot connect to our VPN from 
some locations.

Regards,
- Robert
http://www.cwelug.org/downloads
Help others get OpenSource.  Distribute FLOSS for
Windows, Linux, *BSD, and MacOS X with BitTorrent
_______________________________________________
CWE-LUG mailing list
http://www.cwelug.org/    
CWE-LUG@lists.firepipe.net
http://lists.firepipe.net/listinfo/cwe-lug