aspkl7138 Posted June 19, 2007 Share Posted June 19, 2007 I am a server administrator. Some client is spammer, but another is not. How can I know which once are spammers to move them out my server? Thank you very much! Link to comment Share on other sites More sharing options...
Telarin Posted June 19, 2007 Share Posted June 19, 2007 You would need to check your mail logs, paying particular attention to the number of email being sent by each user. Most mail packages will generate some kind of weekly or monthly summary for you. If you see someone that appears to be sending a large amount of mail, you should check your logs in more detail. You should also make sure that you are receiving, reading, and acting on all abuse reports sent out by spamcop, and other anti-spam services, as they will be a good early heads-up that you have a problem. These reports will only help you if you are stamping the original sending IP address of your client in the mail headers so that you can trace a particular spam email back to the original sender. Link to comment Share on other sites More sharing options...
Wazoo Posted June 19, 2007 Share Posted June 19, 2007 this does not appear to have anything to do with a SpamCop.net e-mail account. Moving to the Lounge area with this post. Link to comment Share on other sites More sharing options...
Merlyn Posted June 20, 2007 Share Posted June 20, 2007 I am a server administrator. Some client is spammer, but another is not. How can I know which once are spammers to move them out my server? Thank you very much! I suggest you get another server administrator Link to comment Share on other sites More sharing options...
Farelf Posted June 20, 2007 Share Posted June 20, 2007 As Will says, ...You should also make sure that you are receiving, reading, and acting on all abuse reports sent out by spamcop, and other anti-spam services, as they will be a good early heads-up that you have a problem. These reports will only help you if you are stamping the original sending IP address of your client in the mail headers so that you can trace a particular spam email back to the original sender.Chúc bạn thà nh công. All we can see from "here" is you are contacting us from Quang Trung Software City netspace, IronPort is aware of just one domain sending mail from there - salan.biz - with monitored output of around 16,000 messages a day from IP address 202.78.227.24. I don't see any significant blocklists with that address in them. Any reports from SpamCop would currently go to - Reporting addresses: tiendung[at]quangtrungsoft.com.vn vovantam[at]quangtrungsoft.com.vn (with "[at]" in place of "[at]") ... and you seem to have everything (in terms of services) locked down at the moment (and you haven't logged in since your initial post). Link to comment Share on other sites More sharing options...
rconner Posted June 20, 2007 Share Posted June 20, 2007 I am a server administrator. Some client is spammer, but another is not. How can I know which once are spammers to move them out my server? Thank you very much! And thank you for taking the time and trouble to look into this! As Telarin suggests, you should certainly check your outgoing mail server's logs. However, if your spamming customers are not using your outgoing mail host to send their spam, they will probably not show up in this search. Most spam today is sent without the aid of an outgoing mail server -- it is sent "direct to MX" by a customer's computer who looks up the MX records of the recipient and sends directly to these MX machines without going through their ISP's outgoing mail system. If you have spam reports (for example from SpamCop) that name a specific IP address, then you should be able to match the IP address, plus the time of the transmission of the spam, to a specific customer of yours who you can then investigate (maybe using DHCP records or some such). -- rick Link to comment Share on other sites More sharing options...
aspkl7138 Posted June 20, 2007 Author Share Posted June 20, 2007 Thank you very much! I will view log file. To Farelf: I am a client of Quang Trung Software City (QTSC). I setup server in QTSC and some data center in Vietnam and USA. Link to comment Share on other sites More sharing options...
aspkl7138 Posted June 20, 2007 Author Share Posted June 20, 2007 As Will says, Chúc bạn thà nh công. All we can see from "here" is you are contacting us from Quang Trung Software City netspace, IronPort is aware of just one domain sending mail from there - salan.biz - with monitored output of around 16,000 messages a day from IP address 202.78.227.24. I don't see any significant blocklists with that address in them. Any reports from SpamCop would currently go to - Reporting addresses: tiendung[at]quangtrungsoft.com.vn vovantam[at]quangtrungsoft.com.vn (with "[at]" in place of "[at]") ... and you seem to have everything (in terms of services) locked down at the moment (and you haven't logged in since your initial post). How to you do to see "salan.biz - with monitored output of around 16,000 messages a day from IP address 202.78.227.24"? I have more 10 servers, if I have a tool to monitor, It is very good for me. Thank you! Link to comment Share on other sites More sharing options...
Wazoo Posted June 20, 2007 Share Posted June 20, 2007 How to you do to see "salan.biz - with monitored output of around 16,000 messages a day from IP address 202.78.227.24"? http://www.senderbase.org/senderbase_queri...g=202.78.227.24 SenderBase's "Magnitude" Explained Link to comment Share on other sites More sharing options...
Farelf Posted June 21, 2007 Share Posted June 21, 2007 ... and you seem to have everything (in terms of services) locked down at the moment ...And to explain that comment============================================= Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 25 (smtp service): LISTENING Data returned from port: 220-qtsc-linux2.salan.biz ESMTP Exim 4.66 #1 Thu, 21 Jun 2007 08:05:45 +0700 220-We do not authorize the use of this system to transport uÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ UDP port 25 (unknown service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 25 -p BOTH exits with return code 0x00000001. Starting portqry.exe -n 202.78.227.24 -e 135 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 135 (epmap service): FILTERED portqry.exe -n 202.78.227.24 -e 135 -p TCP exits with return code 0x00000002. ============================================= Starting portqry.exe -n 202.78.227.24 -e 389 -p BOTH ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 389 (ldap service): NOT LISTENING UDP port 389 (unknown service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 389 -p BOTH exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 636 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 636 (ldaps service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 636 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 3268 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 3268 (unknown service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 3268 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 3269 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 3269 (unknown service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 3269 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 53 -p BOTH ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 53 (domain service): LISTENING UDP port 53 (domain service): LISTENING portqry.exe -n 202.78.227.24 -e 53 -p BOTH exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 88 -p BOTH ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 88 (kerberos service): NOT LISTENING UDP port 88 (kerberos service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 88 -p BOTH exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 445 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 445 (microsoft-ds service): FILTERED portqry.exe -n 202.78.227.24 -e 445 -p TCP exits with return code 0x00000002. ============================================= Starting portqry.exe -n 202.78.227.24 -e 137 -p UDP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... UDP port 137 (netbios-ns service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 137 -p UDP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 138 -p UDP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... UDP port 138 (netbios-dgm service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 138 -p UDP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 139 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 139 (netbios-ssn service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 139 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 42 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 42 (nameserver service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 42 -p TCP exits with return code 0x00000001. Starting portqry.exe -n 202.78.227.24 -e 1723 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 1723 (pptp service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 1723 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 53 -p BOTH ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 53 (domain service): LISTENING UDP port 53 (domain service): LISTENING portqry.exe -n 202.78.227.24 -e 53 -p BOTH exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 67 -p BOTH ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 67 (unknown service): NOT LISTENING UDP port 67 (bootps service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 67 -p BOTH exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 137 -p BOTH ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 137 (netbios-ns service): NOT LISTENING UDP port 137 (netbios-ns service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 137 -p BOTH exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 161-162 -p UDP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... UDP port 161 (snmp service): NOT LISTENING UDP port 162 (snmptrap service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 161-162 -p UDP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 1745 -p UDP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... UDP port 1745 (unknown service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 1745 -p UDP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 389,379,390,3268 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 389 (ldap service): NOT LISTENING TCP port 379 (unknown service): NOT LISTENING TCP port 390 (unknown service): NOT LISTENING TCP port 3268 (unknown service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 389,379,390,3268 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 636,3269 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 636 (ldaps service): NOT LISTENING TCP port 3269 (unknown service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 636,3269 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 143 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 143 (imap service): LISTENING Data returned from port: * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] CouriÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ portqry.exe -n 202.78.227.24 -e 143 -p TCP exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 993 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 993 (unknown service): LISTENING portqry.exe -n 202.78.227.24 -e 993 -p TCP exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 110 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 110 (pop3 service): LISTENING Data returned from port: +OK Hello there. portqry.exe -n 202.78.227.24 -e 110 -p TCP exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 995 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 995 (unknown service): LISTENING portqry.exe -n 202.78.227.24 -e 995 -p TCP exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 119 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 119 (nntp service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 119 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 563 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 563 (unknown service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 563 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 80 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 80 (http service): LISTENING portqry.exe -n 202.78.227.24 -e 80 -p TCP exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 443 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 443 (https service): LISTENING portqry.exe -n 202.78.227.24 -e 443 -p TCP exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 25 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 25 (smtp service): LISTENING Data returned from port: 220-qtsc-linux2.salan.biz ESMTP Exim 4.66 #1 Thu, 21 Jun 2007 08:09:31 +0700 220-We do not authorize the use of this system to transport uÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ portqry.exe -n 202.78.227.24 -e 25 -p TCP exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 465 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 465 (unknown service): LISTENING portqry.exe -n 202.78.227.24 -e 465 -p TCP exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 691 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 691 (unknown service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 691 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 80 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 80 (http service): LISTENING portqry.exe -n 202.78.227.24 -e 80 -p TCP exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 6667 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 6667 (unknown service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 6667 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 994 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 994 (unknown service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 994 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 135 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 135 (epmap service): FILTERED portqry.exe -n 202.78.227.24 -e 135 -p TCP exits with return code 0x00000002. ============================================= Starting portqry.exe -n 202.78.227.24 -e 1503 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 1503 (unknown service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 1503 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 522 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 522 (unknown service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 522 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 1720 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 1720 (unknown service): FILTERED portqry.exe -n 202.78.227.24 -e 1720 -p TCP exits with return code 0x00000002. ============================================= Starting portqry.exe -n 202.78.227.24 -e 1731 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 1731 (unknown service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 1731 -p TCP exits with return code 0x00000001. ============================================= Starting portqry.exe -n 202.78.227.24 -e 53 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 53 (domain service): LISTENING portqry.exe -n 202.78.227.24 -e 53 -p TCP exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 80 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 80 (http service): LISTENING portqry.exe -n 202.78.227.24 -e 80 -p TCP exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 20-21 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 20 (ftp-data service): NOT LISTENING TCP port 21 (ftp service): LISTENING Data returned from port: 220---------- Welcome to Pure-FTPd [TLS] ---------- 220-You are user number 8 of 50 allowed. 220-Local time is now 08:24. Server port: 21. ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. portqry.exe -n 202.78.227.24 -e 20-21 -p TCP exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 25 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 25 (smtp service): LISTENING Data returned from port: 220-qtsc-linux2.salan.biz ESMTP Exim 4.66 #1 Thu, 21 Jun 2007 08:24:59 +0700 220-We do not authorize the use of this system to transport uÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ portqry.exe -n 202.78.227.24 -e 25 -p TCP exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 110 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 110 (pop3 service): LISTENING Data returned from port: +OK Hello there. portqry.exe -n 202.78.227.24 -e 110 -p TCP exits with return code 0x00000000. ============================================= Starting portqry.exe -n 202.78.227.24 -e 23 -p TCP ... Querying target system called: 202.78.227.24 Attempting to resolve IP address to a name... IP address resolved to salan.biz querying... TCP port 23 (telnet service): NOT LISTENING portqry.exe -n 202.78.227.24 -e 23 -p TCP exits with return code 0x00000001. - using portqry.exe (and a wimp interface - some queries duplicated). ...I have more 10 servers, if I have a tool to monitor, It is very good for me.Ironport's SenderBase was seeing just the one when I looked (Wazoo gave the link) but it is possible to search in other ways like QTSC Domain Name. which "sees" three more. Or Theplanet.com Internet Services which shares some netspace with salan.biz and may or may not be of interest. That search also lists Domains closely associated with THEPLANET.COM INTERNET SERVICES -1069 of them. There may be some in there of interest to you, you might like to explore. Link to comment Share on other sites More sharing options...
GraemeL Posted June 21, 2007 Share Posted June 21, 2007 ... and you seem to have everything (in terms of services) locked down at the moment (and you haven't logged in since your initial post). Took an interest and decided to run a full SYN scan... The SYN Stealth Scan took 47.45s to scan 1674 total ports. For OSScan assuming port 1 is open, 2 is closed, and neither are firewalled Host salan.biz (202.78.227.24) appears to be up ... good. Interesting ports on salan.biz (202.78.227.24): (The 1656 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 1/tcp open tcpmux 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 53/tcp open domain 80/tcp open http 110/tcp open pop3 111/tcp open rpcbind 135/tcp filtered msrpc 143/tcp open imap 443/tcp open https 445/tcp filtered microsoft-ds 465/tcp open smtps 623/tcp filtered unknown 631/tcp open ipp 993/tcp open imaps 995/tcp open pop3s 3306/tcp open mysql Device type: general purpose Running: Linux 2.6.X OS details: Linux 2.6.5 - 2.6.11 The only things I would query are whether txpmux, ipp (internet printing protocol) and rpcbind need to be open. There are cases where they're useful, but they usually aren't needed. Port 623 (not in my /etc/services, so flagged as unknown) is remote management control protocol and I don't really know anything about it. You might want to block it off, or lock it down to specific addresses. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.