【求助】為何我掃描自已ADSL的IP竟然有開PORT 25和110



贊助商連結


頁 : [1] 2

language
2005-08-27, 12:17 PM
為何我掃描自已ADSL的IP竟然有開PORT 25和110,我用的是GIGA 的 ADSL
我沒有架站呀!接著我掃描附近範圍的IP竟然也有開PORT 25 和 110 呢?
這到底是為什麼??
我家裡上網通通都是用IP分享器!
http://home.gigigaga.com/lionking168/img/why.jpg

贊助商連結


darcychan2003
2005-08-27, 01:13 PM
不開怎麼收發信咧 :D

Spen
2005-08-27, 01:33 PM
你要寄封信 需要自己開間郵局嗎?

language
2005-08-27, 01:42 PM
理論上有架Mail Server 才會開port 110 和 25 不是嗎?
我自已收發信應該用不到 port 110 和 25 啊??

darcychan2003
2005-08-27, 01:50 PM
對吼 = ="

huseinma
2005-08-27, 02:00 PM
POP3的協定(收信)是用個PORT? SMTP協定(發信)是用那個PORT啊?不開這些PORT如何與伺服器溝通?嗯, 很值得研究一下........

darcychan2003
2005-08-27, 02:17 PM
一開始直覺以為25 110不開怎麼收信 這二個port不是收發信用的嗎

後來看到其他人的文章才想到 這二個port是給mail server在用的

本身電腦不須要這二個port

例如

Proto Local Address Foreign Address State
TCP 192.168.1.12:2504 210.224.186.34:110 TIME_WAIT

自己2504 有開就好 不用開110

這樣想應該對吧

wangcm
2005-08-27, 02:48 PM
一開始直覺以為25 110不開怎麼收信 這二個port不是收發信用的嗎

後來看到其他人的文章才想到 這二個port是給mail server在用的

本身電腦不須要這二個port

例如

Proto Local Address Foreign Address State
TCP 192.168.1.12:2504 210.224.186.34:110 TIME_WAIT

自己2504 有開就好 不用開110

這樣想應該對吧

25:SMTP mail server收信用的

110:mail server讓user抓信下來用的

只要您的PC不是mail server,這兩個port就沒有open(passive open/listen)的道理,除非是Windows(尤其是server版本) default會把這兩個service打開(可在command prompt中下netstat -an,看local address這邊的tcp 25/110 port是否在listen而得知),詳細移除辦法請自行研究(尤其是SMTP,免得被拿來當SPAM relay :|||: ).....BTW,您又說您有用ip sharing,通常ip sharing是沒有主動port forwarding的道理(除非user有明確定義open port/DMZ,不然private LAN上的機器就算有在listen由public internet應該也touch不到 :) ),要是由外部掃您的public ip (通常bind在ip sharing上,private LAN中掃private ip不算)也是如此的話只能懷疑您的機器(包括ip sharing)已經被crack甚至被放後門了,不然就是ISP對這兩個port有特殊處理過....

ulimie
2005-08-27, 03:04 PM
嗯.... 有心研究, 粉好!

我提供一些資料給大家研究, 除了 e-mail address 還有一些 ip 是改掉虛構的,
其他都是我的 mail server 跟外面的 mail server / USER 的實際對話, 供參考:

我的 mail server 叫: mail.server.com (當然是改掉後的假的).

SMTP-in (server) 部份, 這是外面的 ep16.udnpaper.com 的 mail server 有 mail 要送進來了:

Wed 2005-08-10 14:29:39: ----------
Wed 2005-08-10 17:01:40: Session 79; child 1; thread 852
Wed 2005-08-10 16:51:40: Accepting SMTP connection from [210.243.166.66 : 57034]
Wed 2005-08-10 16:51:40: Looking up PTR record for 210.243.166.66 (66.166.243.210.IN-ADDR.ARPA)
Wed 2005-08-10 16:51:41: D=66.166.243.210.IN-ADDR.ARPA TTL=(753) PTR=[udnpaper.com]
Wed 2005-08-10 16:51:41: Gathering A-records for PTR hosts
Wed 2005-08-10 16:51:41: D=udnpaper.com TTL=(1311) A=[210.243.166.66]
Wed 2005-08-10 16:51:41: --> 220 mail.server.com ESMTP MDaemon 8.0.0; Wed, 10 Aug 2005 16:51:41 +0800
Wed 2005-08-10 16:51:41: <-- EHLO ep16.udnpaper.com
Wed 2005-08-10 16:51:41: Performing lookup on ep16.udnpaper.com (looking for 210.243.166.66)
Wed 2005-08-10 16:51:42: Name server reports domain name unknown
Wed 2005-08-10 16:51:42: --> 250-mail.server.com Hello udnpaper.com, pleased to meet you
Wed 2005-08-10 16:51:42: --> 250-ETRN
Wed 2005-08-10 16:51:42: --> 250-AUTH=LOGIN
Wed 2005-08-10 16:51:42: --> 250-AUTH LOGIN CRAM-MD5
Wed 2005-08-10 16:51:42: --> 250-8BITMIME
Wed 2005-08-10 16:51:42: --> 250 SIZE 0
Wed 2005-08-10 16:51:42: <-- MAIL From:<mailman@mx.udnpaper.com> SIZE=101215
Wed 2005-08-10 16:51:42: Performing lookup on mx.udnpaper.com (looking for 210.243.166.66)
Wed 2005-08-10 16:51:42: D=mx.udnpaper.com TTL=(1330) A=[210.243.166.66]
Wed 2005-08-10 16:51:42: --> 250 <mailman@mx.udnpaper.com>, Sender ok
Wed 2005-08-10 16:51:42: <-- RCPT To:<abc@mail.server.com>
Wed 2005-08-10 16:51:42: --> 250 <abc@mail.server.com>, Recipient ok
Wed 2005-08-10 16:51:42: <-- DATA
Wed 2005-08-10 16:51:42: Creating temp file (SMTP): d:\mdaemon\temp\md50000009141.tmp
Wed 2005-08-10 16:51:42: --> 354 Enter mail, end with <CRLF>.<CRLF>
Wed 2005-08-10 16:51:42: Message creation successful: d:\mdaemon\inbound\md50000095414.msg
Wed 2005-08-10 16:51:42: --> 250 Ok, message saved <Message-ID: <udn.3359.20050810112120@udnpaper.com>>
Wed 2005-08-10 17:01:40: <-- QUIT
Wed 2005-08-10 17:01:40: --> 221 See ya in cyberspace
Wed 2005-08-10 17:01:40: SMTP session terminated (Bytes in/out: 103472/414)
Wed 2005-08-10 17:01:40: ----------

SMTP- in (user), 這是我的 mail server 所屬的 user 來寄信:

Tue 2005-08-09 22:31:54: ----------
Tue 2005-08-09 22:33:22: Session 60; child 1; thread 700
Tue 2005-08-09 22:32:36: Accepting SMTP connection from [62.224.25.210 : 2147]
Tue 2005-08-09 22:32:36: Looking up PTR record for 62.224.25.210 (210.25.224.62.IN-ADDR.ARPA)
Tue 2005-08-09 22:32:36: D=210.25.224.62.IN-ADDR.ARPA TTL=(1440) PTR=[62-224-25-210.dynamic.hinet.net]
Tue 2005-08-09 22:32:36: Gathering A-records for PTR hosts
Tue 2005-08-09 22:32:36: D=62-224-25-210.dynamic.hinet.net TTL=(1440) A=[62.224.25.210]
Tue 2005-08-09 22:32:36: --> 220 mail.server.com ESMTP MDaemon 8.0.0; Tue, 09 Aug 2005 22:32:36 +0800
Tue 2005-08-09 22:32:36: <-- EHLO Asus
Tue 2005-08-09 22:32:36: Performing lookup on Asus (looking for 62.224.25.210)
Tue 2005-08-09 22:32:37: Name server reports domain name unknown
Tue 2005-08-09 22:32:37: --> 250-mail.server.com Hello 62-224-25-210.dynamic.hinet.net, pleased to meet you
Tue 2005-08-09 22:32:37: --> 250-ETRN
Tue 2005-08-09 22:32:37: --> 250-AUTH=LOGIN
Tue 2005-08-09 22:32:37: --> 250-AUTH LOGIN CRAM-MD5
Tue 2005-08-09 22:32:37: --> 250-8BITMIME
Tue 2005-08-09 22:32:37: --> 250 SIZE 0
Tue 2005-08-09 22:32:38: <-- AUTH LOGIN
Tue 2005-08-09 22:32:38: --> 334 VXNlcm5WU6KY
Tue 2005-08-09 22:32:38: <-- dGNjaGFutr
Tue 2005-08-09 22:32:38: --> 334 UFzcvcmQ6me
Tue 2005-08-09 22:32:38: <-- Y2hhb2MDEsw
Tue 2005-08-09 22:32:38: --> 235 Authentication successful
Tue 2005-08-09 22:32:38: Authenticated as abc@mail.server.com
Tue 2005-08-09 22:32:38: <-- MAIL FROM: <abc@mail.server.com>
Tue 2005-08-09 22:32:38: --> 250 <abc@mail.server.com>, Sender ok
Tue 2005-08-09 22:32:38: <-- RCPT TO: <xyz@ijk.com>
Tue 2005-08-09 22:32:38: --> 250 <xyz@ijk.com>, Recipient ok
Tue 2005-08-09 22:32:47: <-- DATA
Tue 2005-08-09 22:32:47: Creating temp file (SMTP): d:\mdaemon\temp\md50000600104.tmp
Tue 2005-08-09 22:32:47: --> 354 Enter mail, end with <CRLF>.<CRLF>
Tue 2005-08-09 22:33:19: Message creation successful: d:\mdaemon\inbound\md50000005404.msg
Tue 2005-08-09 22:33:19: --> 250 Ok, message saved <Message-ID: <001bc5f2$3e35f770$1901a8c0@Asus>>
Tue 2005-08-09 22:33:22: <-- QUIT
Tue 2005-08-09 22:33:22: --> 221 See ya in cyberspace
Tue 2005-08-09 22:33:22: SMTP session successful (Bytes in/out: 876207/645)
Tue 2005-08-09 22:33:22: ----------

SMTP - out 這是我的 mail server 有 mail 要送出去:

Tue 2005-01-11 11:01:12: ----------
Tue 2005-01-11 20:00:49: Session 79; child 1
Tue 2005-01-11 20:00:46: Parsing Message <c:\progra~1\mdaemon\remoteq\pd50000000889.msg>
Tue 2005-01-11 20:00:46: From: abc@mail.server.com
Tue 2005-01-11 20:00:46: To: xyz@sohu.com
Tue 2005-01-11 20:00:46: Subject: Letter from abc
Tue 2005-01-11 20:00:46: Message-ID: <20050111182124.7DD9.ABC@mail.server.com>
Tue 2005-01-11 20:00:46: MX-record resolution of [sohu.com] in progress (DNS Server: 168.95.1.1)...
Tue 2005-01-11 20:00:46: P=010 D=sohu.com TTL=(2) MX=[sohumx.sohu.com] {61.135.132.100}
Tue 2005-01-11 20:00:46: Attempting MX: P=010 D=sohu.com TTL=(2) MX=[sohumx.sohu.com] {61.135.132.100}
Tue 2005-01-11 20:00:46: Attempting SMTP connection to [61.135.132.100 : 25]
Tue 2005-01-11 20:00:46: Waiting for socket connection...
Tue 2005-01-11 20:00:47: Socket connection established (123.123.123.123 : 1129 -> 61.135.132.100 : 25)
Tue 2005-01-11 20:00:47: Waiting for protocol initiation...
Tue 2005-01-11 20:00:47: <-- 220 sohumx97.sohu.com ESMTP
Tue 2005-01-11 20:00:47: --> EHLO mail.server.com
Tue 2005-01-11 20:00:47: <-- 250-sohumx97.sohu.com
Tue 2005-01-11 20:00:47: <-- 250-PIPELINING
Tue 2005-01-11 20:00:47: <-- 250-SIZE 10485760
Tue 2005-01-11 20:00:47: <-- 250-ETRN
Tue 2005-01-11 20:00:47: <-- 250 8BITMIME
Tue 2005-01-11 20:00:47: --> MAIL From:<abc@mail.server.com> SIZE=1910
Tue 2005-01-11 20:00:47: <-- 250 Ok
Tue 2005-01-11 20:00:47: --> RCPT To:<xyz@sohu.com>
Tue 2005-01-11 20:00:48: <-- 250 Ok
Tue 2005-01-11 20:00:48: --> DATA
Tue 2005-01-11 20:00:48: <-- 354 End data with <CR><LF>.<CR><LF>
Tue 2005-01-11 20:00:48: Sending <c:\progra~1\mdaemon\remoteq\pd50000000889.msg> to [61.135.132.100]
Tue 2005-01-11 20:00:48: Transfer Complete.
Tue 2005-01-11 20:00:49: <-- 250 Ok: queued as 1022be444a15a0ae87da1120cfb8c
Tue 2005-01-11 20:00:49: --> QUIT
Tue 2005-01-11 20:00:49: <-- 221 Bye
Tue 2005-01-11 20:00:49: SMTP session successful (Bytes in/out: 225/2024)
Tue 2005-01-11 20:00:49: ----------

POP3, 這是我的 mail server 上的一個 user 叫 abc 的, 要進來取信回去:

Mon 2005-05-09 22:24:57: ----------
Mon 2005-05-09 22:24:57: Session 4109; child 1
Mon 2005-05-09 22:24:46: Accepting POP connection from [62.24.84.63 : 1959]
Mon 2005-05-09 22:24:46: --> +OK mail.server.com POP MDaemon 8.0.0 ready <MDAEMON-F205092424.AA2487MD9643@mail.server.com>
Mon 2005-05-09 22:24:47: <-- USER abc
Mon 2005-05-09 22:24:47: --> +OK abc... User ok
Mon 2005-05-09 22:24:47: <-- PASS ******
Mon 2005-05-09 22:24:47: --> +OK abc@mail.server.com's mailbox has 3 total messages (87222 octets)
Mon 2005-05-09 22:24:47: <-- STAT
Mon 2005-05-09 22:24:47: --> +OK 3 87222
Mon 2005-05-09 22:24:47: <-- LIST
Mon 2005-05-09 22:24:47: Sending LIST response (not logged)
Mon 2005-05-09 22:24:47: <-- UIDL
Mon 2005-05-09 22:24:47: Sending UIDL response (not logged)
Mon 2005-05-09 22:24:47: <-- TOP 3 0
Mon 2005-05-09 22:24:47: Sending TOP response msg: 3 (not logged)
Mon 2005-05-09 22:24:47: --> +OK
Mon 2005-05-09 22:24:48: <-- TOP 2 0
Mon 2005-05-09 22:24:48: Sending TOP response msg: 2 (not logged)
Mon 2005-05-09 22:24:48: --> +OK
Mon 2005-05-09 22:24:48: <-- TOP 1 0
Mon 2005-05-09 22:24:48: Sending TOP response msg: 1 (not logged)
Mon 2005-05-09 22:24:48: --> +OK
Mon 2005-05-09 22:24:57: <-- DELE 1
Mon 2005-05-09 22:24:57: --> +OK message 1 deleted
Mon 2005-05-09 22:24:57: <-- DELE 3
Mon 2005-05-09 22:24:57: --> +OK message 3 deleted
Mon 2005-05-09 22:24:57: <-- QUIT
Mon 2005-05-09 22:24:57: --> +OK abc@mail.server.com mail.server.com POP Server signing off (1 messages left)
Mon 2005-05-09 22:24:57: POP session complete (Bytes in/out: 93/2723)
Mon 2005-05-09 22:24:57: ----------

language
2005-08-27, 06:31 PM
25:SMTP mail server收信用的

110:mail server讓user抓信下來用的

只要您的PC不是mail server,這兩個port就沒有open(passive open/listen)的道理,除非是Windows(尤其是server版本) default會把這兩個service打開(可在command prompt中下netstat -an,看local address這邊的tcp 25/110 port是否在listen而得知),詳細移除辦法請自行研究(尤其是SMTP,免得被拿來當SPAM relay :|||: ).....BTW,您又說您有用ip sharing,通常ip sharing是沒有主動port forwarding的道理(除非user有明確定義open port/DMZ,不然private LAN上的機器就算有在listen由public internet應該也touch不到 :) ),要是由外部掃您的public ip (通常bind在ip sharing上,private LAN中掃private ip不算)也是如此的話只能懷疑您的機器(包括ip sharing)已經被crack甚至被放後門了,不然就是ISP對這兩個port有特殊處理過....
我的電腦和ip分享器的確沒有25和110 port在listening。ip分享器也沒有設定port forwarding。我想一定是ISP對兩個PORT有有特殊處理過吧。為什麼??
http://home.gigigaga.com/lionking168/img/why01.jpg