Why are Ports 110 and 25 always online?

Created 2005-07-06 by Rainer Gerhards

I have port-scaned a machine known to be offline, but the scan shows ports 25 and 110 as being alive.This is a little bit confusing...

If you have Norton Antivirus (or a similar product) installed, it might be the reason. Norton is a so-called transparent proxy, which accepts all connection requests to port 25 and 110 to perform email virus checking. The bad thing about this is that you will never be able to talk to the ultimate destination but only to your local anti-virus proxy.

Obviously, this behaviour is by design of the Anti-Virus software. Also obviously, you can work around this issue by disabling the email virus protection. Even though this works, we can not recommend weakoning your protection against the ever-increasing malware stream.

As such, it is best to either not use port 25 and 110 probes (and rely on ping, though not as efficient) or run AliveMon on a different system, which does not need the email protection.

Another, probably better, solution is to work with query and response strings, which are passed on to the ultimate destination. We will provide a detailled guide on how to do that somewhat later. If you experience this issue and the guide is not yet online, please email support.

AliveMon - Monitor your Servers and Routers
 Product Info
General Information
Order and Pricing
News Releases
Version History
Product Tour
 - Screenshots
 - All
 - General questions
 - Configuration related
Seminars Online
 - All
 Order & pricing
 Contact Us
 Data privacy policy

Printer Version Send this page to a friend

Copyright © 1988-2005 Adiscon GmbH All rights reserved.
Contact us via Secure Web Response | Privacy Policy
Topic Links: syslog