Jump to content

How to listing spammer in my server?


aspkl7138

Recommended Posts

Posted

I am a server administrator.

Some client is spammer, but another is not.

How can I know which once are spammers to move them out my server?

Thank you very much!

Posted

You would need to check your mail logs, paying particular attention to the number of email being sent by each user. Most mail packages will generate some kind of weekly or monthly summary for you. If you see someone that appears to be sending a large amount of mail, you should check your logs in more detail.

You should also make sure that you are receiving, reading, and acting on all abuse reports sent out by spamcop, and other anti-spam services, as they will be a good early heads-up that you have a problem. These reports will only help you if you are stamping the original sending IP address of your client in the mail headers so that you can trace a particular spam email back to the original sender.

Posted

this does not appear to have anything to do with a SpamCop.net e-mail account.

Moving to the Lounge area with this post.

Posted

I am a server administrator.

Some client is spammer, but another is not.

How can I know which once are spammers to move them out my server?

Thank you very much!

I suggest you get another server administrator :blush:

Posted

As Will says,

...You should also make sure that you are receiving, reading, and acting on all abuse reports sent out by spamcop, and other anti-spam services, as they will be a good early heads-up that you have a problem. These reports will only help you if you are stamping the original sending IP address of your client in the mail headers so that you can trace a particular spam email back to the original sender.
Chúc bạn thành công.

All we can see from "here" is you are contacting us from Quang Trung Software City netspace, IronPort is aware of just one domain sending mail from there - salan.biz - with monitored output of around 16,000 messages a day from IP address 202.78.227.24. I don't see any significant blocklists with that address in them. Any reports from SpamCop would currently go to -

Reporting addresses:

tiendung[at]quangtrungsoft.com.vn

vovantam[at]quangtrungsoft.com.vn

(with "[at]" in place of "[at]")

... and you seem to have everything (in terms of services) locked down at the moment (and you haven't logged in since your initial post).

Posted

I am a server administrator.

Some client is spammer, but another is not.

How can I know which once are spammers to move them out my server?

Thank you very much!

And thank you for taking the time and trouble to look into this!

As Telarin suggests, you should certainly check your outgoing mail server's logs. However, if your spamming customers are not using your outgoing mail host to send their spam, they will probably not show up in this search.

Most spam today is sent without the aid of an outgoing mail server -- it is sent "direct to MX" by a customer's computer who looks up the MX records of the recipient and sends directly to these MX machines without going through their ISP's outgoing mail system.

If you have spam reports (for example from SpamCop) that name a specific IP address, then you should be able to match the IP address, plus the time of the transmission of the spam, to a specific customer of yours who you can then investigate (maybe using DHCP records or some such).

-- rick

Posted

Thank you very much!

I will view log file.

To Farelf:

I am a client of Quang Trung Software City (QTSC).

I setup server in QTSC and some data center in Vietnam and USA.

Posted

As Will says,

Chúc bạn thành công.

All we can see from "here" is you are contacting us from Quang Trung Software City netspace, IronPort is aware of just one domain sending mail from there - salan.biz - with monitored output of around 16,000 messages a day from IP address 202.78.227.24. I don't see any significant blocklists with that address in them. Any reports from SpamCop would currently go to -

Reporting addresses:

tiendung[at]quangtrungsoft.com.vn

vovantam[at]quangtrungsoft.com.vn

(with "[at]" in place of "[at]")

... and you seem to have everything (in terms of services) locked down at the moment (and you haven't logged in since your initial post).

How to you do to see "salan.biz - with monitored output of around 16,000 messages a day from IP address 202.78.227.24"?

I have more 10 servers, if I have a tool to monitor, It is very good for me.

Thank you!

Posted
... and you seem to have everything (in terms of services) locked down at the moment ...
And to explain that comment
=============================================
Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 25 (smtp service): LISTENING

Data returned from port:
220-qtsc-linux2.salan.biz ESMTP Exim 4.66 #1 Thu, 21 Jun 2007 08:05:45 +0700 

220-We do not authorize the use of this system to transport 
uÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ

UDP port 25 (unknown service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 25 -p BOTH exits with return code 0x00000001.


Starting portqry.exe -n 202.78.227.24 -e 135 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 135 (epmap service): FILTERED
portqry.exe -n 202.78.227.24 -e 135 -p TCP exits with return code 0x00000002.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 389 -p BOTH ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 389 (ldap service): NOT LISTENING

UDP port 389 (unknown service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 389 -p BOTH exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 636 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 636 (ldaps service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 636 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 3268 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 3268 (unknown service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 3268 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 3269 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 3269 (unknown service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 3269 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 53 -p BOTH ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 53 (domain service): LISTENING

UDP port 53 (domain service): LISTENING
portqry.exe -n 202.78.227.24 -e 53 -p BOTH exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 88 -p BOTH ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 88 (kerberos service): NOT LISTENING

UDP port 88 (kerberos service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 88 -p BOTH exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 445 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 445 (microsoft-ds service): FILTERED
portqry.exe -n 202.78.227.24 -e 445 -p TCP exits with return code 0x00000002.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 137 -p UDP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

UDP port 137 (netbios-ns service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 137 -p UDP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 138 -p UDP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

UDP port 138 (netbios-dgm service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 138 -p UDP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 139 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 139 (netbios-ssn service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 139 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 42 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 42 (nameserver service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 42 -p TCP exits with return code 0x00000001.

 Starting portqry.exe -n 202.78.227.24 -e 1723 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 1723 (pptp service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 1723 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 53 -p BOTH ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 53 (domain service): LISTENING

UDP port 53 (domain service): LISTENING
portqry.exe -n 202.78.227.24 -e 53 -p BOTH exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 67 -p BOTH ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 67 (unknown service): NOT LISTENING

UDP port 67 (bootps service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 67 -p BOTH exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 137 -p BOTH ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 137 (netbios-ns service): NOT LISTENING

UDP port 137 (netbios-ns service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 137 -p BOTH exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 161-162 -p UDP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

UDP port 161 (snmp service): NOT LISTENING

UDP port 162 (snmptrap service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 161-162 -p UDP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 1745 -p UDP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

UDP port 1745 (unknown service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 1745 -p UDP exits with return code 0x00000001.

=============================================

 Starting portqry.exe -n 202.78.227.24 -e 389,379,390,3268 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 389 (ldap service): NOT LISTENING

TCP port 379 (unknown service): NOT LISTENING

TCP port 390 (unknown service): NOT LISTENING

TCP port 3268 (unknown service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 389,379,390,3268 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 636,3269 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 636 (ldaps service): NOT LISTENING

TCP port 3269 (unknown service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 636,3269 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 143 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 143 (imap service): LISTENING

Data returned from port:
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
 THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS]
 CouriÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ
portqry.exe -n 202.78.227.24 -e 143 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 993 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 993 (unknown service): LISTENING
portqry.exe -n 202.78.227.24 -e 993 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 110 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 110 (pop3 service): LISTENING

Data returned from port:
+OK Hello there.


portqry.exe -n 202.78.227.24 -e 110 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 995 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 995 (unknown service): LISTENING
portqry.exe -n 202.78.227.24 -e 995 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 119 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 119 (nntp service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 119 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 563 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 563 (unknown service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 563 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 80 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 80 (http service): LISTENING
portqry.exe -n 202.78.227.24 -e 80 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 443 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 443 (https service): LISTENING
portqry.exe -n 202.78.227.24 -e 443 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 25 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 25 (smtp service): LISTENING

Data returned from port:
220-qtsc-linux2.salan.biz ESMTP Exim 4.66 #1 Thu, 21 Jun 2007 08:09:31 +0700 

220-We do not authorize the use of this system to transport 
uÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ
portqry.exe -n 202.78.227.24 -e 25 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 465 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 465 (unknown service): LISTENING
portqry.exe -n 202.78.227.24 -e 465 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 691 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 691 (unknown service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 691 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 80 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 80 (http service): LISTENING
portqry.exe -n 202.78.227.24 -e 80 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 6667 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 6667 (unknown service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 6667 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 994 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 994 (unknown service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 994 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 135 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 135 (epmap service): FILTERED
portqry.exe -n 202.78.227.24 -e 135 -p TCP exits with return code 0x00000002.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 1503 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 1503 (unknown service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 1503 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 522 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 522 (unknown service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 522 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 1720 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 1720 (unknown service): FILTERED
portqry.exe -n 202.78.227.24 -e 1720 -p TCP exits with return code 0x00000002.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 1731 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 1731 (unknown service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 1731 -p TCP exits with return code 0x00000001.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 53 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 53 (domain service): LISTENING
portqry.exe -n 202.78.227.24 -e 53 -p TCP exits with return code 0x00000000.

=============================================

 Starting portqry.exe -n 202.78.227.24 -e 80 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 80 (http service): LISTENING
portqry.exe -n 202.78.227.24 -e 80 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 20-21 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 20 (ftp-data service): NOT LISTENING

TCP port 21 (ftp service): LISTENING

Data returned from port:
220---------- Welcome to Pure-FTPd [TLS] ----------

220-You are user number 8 of 50 allowed.

220-Local time is now 08:24. Server port: 21.
ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ


220-IPv6 connections are also welcome on this server.

220 You will be disconnected after 15 minutes of inactivity.

portqry.exe -n 202.78.227.24 -e 20-21 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 25 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 25 (smtp service): LISTENING

Data returned from port:
220-qtsc-linux2.salan.biz ESMTP Exim 4.66 #1 Thu, 21 Jun 2007 08:24:59 +0700 

220-We do not authorize the use of this system to transport 
uÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ
portqry.exe -n 202.78.227.24 -e 25 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 110 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 110 (pop3 service): LISTENING

Data returned from port:
+OK Hello there.


portqry.exe -n 202.78.227.24 -e 110 -p TCP exits with return code 0x00000000.
=============================================

 Starting portqry.exe -n 202.78.227.24 -e 23 -p TCP ...


Querying target system called:

 202.78.227.24

Attempting to resolve IP address to a name...


IP address resolved to salan.biz

querying...

TCP port 23 (telnet service): NOT LISTENING
portqry.exe -n 202.78.227.24 -e 23 -p TCP exits with return code 0x00000001.

- using portqry.exe (and a wimp interface - some queries duplicated).

...I have more 10 servers, if I have a tool to monitor, It is very good for me.
Ironport's SenderBase was seeing just the one when I looked (Wazoo gave the link) but it is possible to search in other ways like QTSC Domain Name. which "sees" three more. Or Theplanet.com Internet Services which shares some netspace with salan.biz and may or may not be of interest. That search also lists Domains closely associated with THEPLANET.COM INTERNET SERVICES -1069 of them. There may be some in there of interest to you, you might like to explore.
Posted

... and you seem to have everything (in terms of services) locked down at the moment (and you haven't logged in since your initial post).

Took an interest and decided to run a full SYN scan...

The SYN Stealth Scan took 47.45s to scan 1674 total ports.
For OSScan assuming port 1 is open, 2 is closed, and neither are firewalled
Host salan.biz (202.78.227.24) appears to be up ... good.
Interesting ports on salan.biz (202.78.227.24):
(The 1656 ports scanned but not shown below are in state: closed)
PORT	 STATE	SERVICE
1/tcp	open	 tcpmux
21/tcp   open	 ftp
22/tcp   open	 ssh
25/tcp   open	 smtp
53/tcp   open	 domain
80/tcp   open	 http
110/tcp  open	 pop3
111/tcp  open	 rpcbind
135/tcp  filtered msrpc
143/tcp  open	 imap
443/tcp  open	 https
445/tcp  filtered microsoft-ds
465/tcp  open	 smtps
623/tcp  filtered unknown
631/tcp  open	 ipp
993/tcp  open	 imaps
995/tcp  open	 pop3s
3306/tcp open	 mysql
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.5 - 2.6.11

The only things I would query are whether txpmux, ipp (internet printing protocol) and rpcbind need to be open. There are cases where they're useful, but they usually aren't needed.

Port 623 (not in my /etc/services, so flagged as unknown) is remote management control protocol and I don't really know anything about it. You might want to block it off, or lock it down to specific addresses.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...