Created 2005-07-06 by Rainer Gerhards
I have port-scanned a machine known to be offline, but the scan shows ports 25 and 110 as being alive. This is a little bit confusing...
If you have Norton Antivirus (or a similar product) installed, it might be the reason. Norton is a so-called
transparent proxy, which accepts all connection requests to ports 25 and 110 to perform email virus checking. The
bad thing about this is that you will never be able to talk to the ultimate destination but only to your local
anti-virus proxy.
Obviously, this behaviour is by design of the anti-virus software. Also obviously, you can work around this issue
by disabling the email virus protection. Even though this works, we cannot recommend weakening your
protection against the ever-increasing malware stream.
As such, it is best to either not use port 25 and 110 probes (and rely on ping, though not as efficient) or
run AliveMon on a different system, which does not need the email protection.
Another, probably better, solution is to work with query and response strings, which
are passed on to the ultimate destination. We will provide a detailed guide on how
to do that somewhat later. If you experience this issue and the guide is not yet
online, please email support.
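The difference between a connect-only probe and a response-string check, as an added Python sketch (not AliveMon code or configuration). It assumes the local proxy accepts the connection but sends no greeting of its own when the real server is offline; `probe` and `fake_listener` are hypothetical names, and the listeners are constructed local stand-ins.

```python
import socket
import threading

# Greeting each service sends first (SMTP "220", POP3 "+OK").
GREETINGS = {25: b"220", 110: b"+OK"}


def probe(host, port, expect, timeout=2.0):
    """Return 'closed', 'accepted-only' or 'alive' for one TCP service."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"              # refused, or no answer to the connect
    with sock:
        sock.settimeout(timeout)
        try:
            banner = sock.recv(512)  # wait for the server's own greeting
        except OSError:
            banner = b""             # accepted, but nobody answered
    return "alive" if banner.startswith(expect) else "accepted-only"


def fake_listener(greeting):
    """Constructed local stand-in: accept one connection, greet if asked."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            if greeting:
                conn.sendall(greeting)
            conn.recv(1)             # hold the connection until the probe leaves
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Constructed cases: a silent acceptor (proxy, target offline) and a real greeting.
    silent = fake_listener(None)
    greeting = fake_listener(b"220 mail.example.test ESMTP\r\n")
    print("silent:", probe("127.0.0.1", silent, GREETINGS[25], timeout=0.5))
    print("greets:", probe("127.0.0.1", greeting, GREETINGS[25], timeout=0.5))
```

A result of `accepted-only` is the case described in this FAQ: the port looks open to a plain scan, yet no mail server answered.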