[lug] outgoing port 220 exploit?
D. Stimits
stimits at comcast.net
Sat Jan 17 22:13:04 MST 2004
I currently have no use of imap, and routinely block not only incoming
ports that I do not use, but also outgoing ports. It may be that nothing
is wrong here, but I need to track which app is trying to send an
outgoing tcp connect to port 220 on all kinds of machines. Chkrootkit
says things are fine, no mysterious processes show up, I keep things
updated, so on. But it bugs me to not be able to see the ipchains output
tell me exactly what app it is that is that is trying to go to imap. Any
suggestions? I can't seem to find any published info on any exploit that
would cause an outbound port 220 attempt (internal port is always 6129).
I have been unable to find any input chain hits, only output chain.
D. Stimits, stimits AT comcast DOT net
More information about the LUG
mailing list