The Planet Forums > Question on ports 993 and 995. You around Huck?

Full Version: Question on ports 993 and 995. You around Huck?

The Planet Forums > Control Panels > Plesk

Trinity

May 17 2002, 09:35 AM

After scanning my ports I noticed that I seem to have a couple of ports open that others have not listed as being open on their server, ports 993 and 995. Should I be concerned about that or any of the open ports listed here?

QUOTE

21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3
143/tcp open imap2
443/tcp open https
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql

madsere

May 17 2002, 09:40 AM

You already answered that yourself

CODE

993/tcp open imaps

^^^^^

995/tcp open pop3s

^^^^^

993 and 995 is imaps and pop3s respectively (secure imap and secure pop3). If you don't need it you can disable them in /etc/xinetd.d/...

The rest of the ports are just standard stuff, nothing I'd worry about.

huck

May 17 2002, 10:27 AM

imaps and pops are SSL/TLSencrypted pop3 and imap servers. If your mail client supports SSL/TLS then, you way want to use these as they keep your passwords from being sent as plain text.

I find it amazing that there has been so much hype over ftp/telnet password sniffing and relatively little hype over pop/imap password sniffing. Using ettercap and some other tools, I recently lifted 30 passwords off a network in 10 minutes.

aussie

May 17 2002, 10:55 AM

QUOTE

Originally posted by huck
imaps and pops are SSL/TLSencrypted pop3 and imap servers. If your mail client supports SSL/TLS then, you way want to use these as they keep your passwords from being sent as plain text.

I find it amazing that there has been so much hype over ftp/telnet password sniffing and relatively little hype over pop/imap password sniffing. Using ettercap and some other tools, I recently lifted 30 passwords off a network in 10 minutes.

Im questioning something i found open on my system yesterday. Port 119. Never seen it before, well i didnt notice it till now anyway. Does anyone know what this may be?

madsere

May 17 2002, 10:59 AM

You can always check /etc/services:

CODE

$ grep 119 /etc/services

nntp 119/tcp readnews untp # USENET News Transfer Protocol

nntp 119/udp readnews untp # USENET News Transfer Protocol

You running a news server?

huck

May 17 2002, 11:02 AM

For port info:
http://www.portsdb.org

Also, if you suspect hacker activity, then you should always make sure that the port you see open is actually running. For example, a trojan could be (though not likely) running on port 119. If your nntp is not configured to start up, then something is using that port.

aussie

May 17 2002, 11:03 AM

QUOTE

Originally posted by madsere
You can always check /etc/services:
CODE
$ grep 119 /etc/services

nntp 119/tcp readnews untp # USENET News Transfer Protocol

nntp 119/udp readnews untp # USENET News Transfer Protocol

You running a news server?

Thats a negative but i think on of my user sites is

Trinity

May 17 2002, 03:30 PM

QUOTE

Originally posted by huck
... I find it amazing that there has been so much hype over ftp/telnet password sniffing and relatively little hype over pop/imap password sniffing. Using ettercap and some other tools, I recently lifted 30 passwords off a network in 10 minutes.

From reading these Forums I have learned to secure my passwords by switching from FTP/Telnet to SSH. Huck how can we keep our pop/imap passwords from being taken? Please tell me how this is done...

Thank You!

dodekaedr

May 17 2002, 04:06 PM

QUOTE

Originally posted by Trinity

From reading these Forums I have learned to secure my passwords by switching from FTP/Telnet to SSH. Huck how can we keep our pop/imap passwords from being taken? Please tell me how this is done...

Thank You!

http://ettercap.sourceforge.net

You must use the SSH protocol v2.
--
DODEKAEDR

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.