為何我掃描自已ADSL的IP竟然有開PORT 25和110,我用的是GIGA 的 ADSL
我沒有架站呀!接著我掃描附近範圍的IP竟然也有開PORT 25 和 110 呢?
這到底是為什麼??
我家裡上網通通都是用IP分享器!
 |
|
為何我掃描自已ADSL的IP竟然有開PORT 25和110,我用的是GIGA 的 ADSL
我沒有架站呀!接著我掃描附近範圍的IP竟然也有開PORT 25 和 110 呢?
這到底是為什麼??
我家裡上網通通都是用IP分享器!
不開怎麼收發信咧
你要寄封信 需要自己開間郵局嗎?
理論上有架Mail Server 才會開port 110 和 25 不是嗎?
我自已收發信應該用不到 port 110 和 25 啊??
對吼 = ="
POP3的協定(收信)是用個PORT? SMTP協定(發信)是用那個PORT啊?不開這些PORT如何與伺服器溝通?嗯, 很值得研究一下........
一開始直覺以為25 110不開怎麼收信 這二個port不是收發信用的嗎
後來看到其他人的文章才想到 這二個port是給mail server在用的
本身電腦不須要這二個port
例如
Proto Local Address Foreign Address State
TCP 192.168.1.12:2504 210.224.186.34:110 TIME_WAIT
自己2504 有開就好 不用開110
這樣想應該對吧
25:SMTP mail server收信用的作者:darcychan2003
110:mail server讓user抓信下來用的
只要您的PC不是mail server,這兩個port就沒有open(passive open/listen)的道理,除非是Windows(尤其是server版本) default會把這兩個service打開(可在command prompt中下netstat -an,看local address這邊的tcp 25/110 port是否在listen而得知),詳細移除辦法請自行研究(尤其是SMTP,免得被拿來當SPAM relay).....BTW,您又說您有用ip sharing,通常ip sharing是沒有主動port forwarding的道理(除非user有明確定義open port/DMZ,不然private LAN上的機器就算有在listen由public internet應該也touch不到
),要是由外部掃您的public ip (通常bind在ip sharing上,private LAN中掃private ip不算)也是如此的話只能懷疑您的機器(包括ip sharing)已經被crack甚至被放後門了,不然就是ISP對這兩個port有特殊處理過....
嗯.... 有心研究, 粉好!
我提供一些資料給大家研究, 除了 e-mail address 還有一些 ip 是改掉虛構的,
其他都是我的 mail server 跟外面的 mail server / USER 的實際對話, 供參考:
我的 mail server 叫: mail.server.com (當然是改掉後的假的).
SMTP-in (server) 部份, 這是外面的 ep16.udnpaper.com 的 mail server 有 mail 要送進來了:
Wed 2005-08-10 14:29:39: ----------
Wed 2005-08-10 17:01:40: Session 79; child 1; thread 852
Wed 2005-08-10 16:51:40: Accepting SMTP connection from [210.243.166.66 : 57034]
Wed 2005-08-10 16:51:40: Looking up PTR record for 210.243.166.66 (66.166.243.210.IN-ADDR.ARPA)
Wed 2005-08-10 16:51:41: D=66.166.243.210.IN-ADDR.ARPA TTL=(753) PTR=[udnpaper.com]
Wed 2005-08-10 16:51:41: Gathering A-records for PTR hosts
Wed 2005-08-10 16:51:41: D=udnpaper.com TTL=(1311) A=[210.243.166.66]
Wed 2005-08-10 16:51:41: --> 220 mail.server.com ESMTP MDaemon 8.0.0; Wed, 10 Aug 2005 16:51:41 +0800
Wed 2005-08-10 16:51:41: <-- EHLO ep16.udnpaper.com
Wed 2005-08-10 16:51:41: Performing lookup on ep16.udnpaper.com (looking for 210.243.166.66)
Wed 2005-08-10 16:51:42: Name server reports domain name unknown
Wed 2005-08-10 16:51:42: --> 250-mail.server.com Hello udnpaper.com, pleased to meet you
Wed 2005-08-10 16:51:42: --> 250-ETRN
Wed 2005-08-10 16:51:42: --> 250-AUTH=LOGIN
Wed 2005-08-10 16:51:42: --> 250-AUTH LOGIN CRAM-MD5
Wed 2005-08-10 16:51:42: --> 250-8BITMIME
Wed 2005-08-10 16:51:42: --> 250 SIZE 0
Wed 2005-08-10 16:51:42: <-- MAIL From:<[email protected]> SIZE=101215
Wed 2005-08-10 16:51:42: Performing lookup on mx.udnpaper.com (looking for 210.243.166.66)
Wed 2005-08-10 16:51:42: D=mx.udnpaper.com TTL=(1330) A=[210.243.166.66]
Wed 2005-08-10 16:51:42: --> 250 <[email protected]>, Sender ok
Wed 2005-08-10 16:51:42: <-- RCPT To:<[email protected]>
Wed 2005-08-10 16:51:42: --> 250 <[email protected]>, Recipient ok
Wed 2005-08-10 16:51:42: <-- DATA
Wed 2005-08-10 16:51:42: Creating temp file (SMTP): d:\mdaemon\temp\md50000009141.tmp
Wed 2005-08-10 16:51:42: --> 354 Enter mail, end with <CRLF>.<CRLF>
Wed 2005-08-10 16:51:42: Message creation successful: d:\mdaemon\inbound\md50000095414.msg
Wed 2005-08-10 16:51:42: --> 250 Ok, message saved <Message-ID: <[email protected]>>
Wed 2005-08-10 17:01:40: <-- QUIT
Wed 2005-08-10 17:01:40: --> 221 See ya in cyberspace
Wed 2005-08-10 17:01:40: SMTP session terminated (Bytes in/out: 103472/414)
Wed 2005-08-10 17:01:40: ----------
SMTP- in (user), 這是我的 mail server 所屬的 user 來寄信:
Tue 2005-08-09 22:31:54: ----------
Tue 2005-08-09 22:33:22: Session 60; child 1; thread 700
Tue 2005-08-09 22:32:36: Accepting SMTP connection from [62.224.25.210 : 2147]
Tue 2005-08-09 22:32:36: Looking up PTR record for 62.224.25.210 (210.25.224.62.IN-ADDR.ARPA)
Tue 2005-08-09 22:32:36: D=210.25.224.62.IN-ADDR.ARPA TTL=(1440) PTR=[62-224-25-210.dynamic.hinet.net]
Tue 2005-08-09 22:32:36: Gathering A-records for PTR hosts
Tue 2005-08-09 22:32:36: D=62-224-25-210.dynamic.hinet.net TTL=(1440) A=[62.224.25.210]
Tue 2005-08-09 22:32:36: --> 220 mail.server.com ESMTP MDaemon 8.0.0; Tue, 09 Aug 2005 22:32:36 +0800
Tue 2005-08-09 22:32:36: <-- EHLO Asus
Tue 2005-08-09 22:32:36: Performing lookup on Asus (looking for 62.224.25.210)
Tue 2005-08-09 22:32:37: Name server reports domain name unknown
Tue 2005-08-09 22:32:37: --> 250-mail.server.com Hello 62-224-25-210.dynamic.hinet.net, pleased to meet you
Tue 2005-08-09 22:32:37: --> 250-ETRN
Tue 2005-08-09 22:32:37: --> 250-AUTH=LOGIN
Tue 2005-08-09 22:32:37: --> 250-AUTH LOGIN CRAM-MD5
Tue 2005-08-09 22:32:37: --> 250-8BITMIME
Tue 2005-08-09 22:32:37: --> 250 SIZE 0
Tue 2005-08-09 22:32:38: <-- AUTH LOGIN
Tue 2005-08-09 22:32:38: --> 334 VXNlcm5WU6KY
Tue 2005-08-09 22:32:38: <-- dGNjaGFutr
Tue 2005-08-09 22:32:38: --> 334 UFzcvcmQ6me
Tue 2005-08-09 22:32:38: <-- Y2hhb2MDEsw
Tue 2005-08-09 22:32:38: --> 235 Authentication successful
Tue 2005-08-09 22:32:38: Authenticated as [email protected]
Tue 2005-08-09 22:32:38: <-- MAIL FROM: <[email protected]>
Tue 2005-08-09 22:32:38: --> 250 <[email protected]>, Sender ok
Tue 2005-08-09 22:32:38: <-- RCPT TO: <[email protected]>
Tue 2005-08-09 22:32:38: --> 250 <[email protected]>, Recipient ok
Tue 2005-08-09 22:32:47: <-- DATA
Tue 2005-08-09 22:32:47: Creating temp file (SMTP): d:\mdaemon\temp\md50000600104.tmp
Tue 2005-08-09 22:32:47: --> 354 Enter mail, end with <CRLF>.<CRLF>
Tue 2005-08-09 22:33:19: Message creation successful: d:\mdaemon\inbound\md50000005404.msg
Tue 2005-08-09 22:33:19: --> 250 Ok, message saved <Message-ID: <001bc5f2$3e35f770$1901a8c0@Asus>>
Tue 2005-08-09 22:33:22: <-- QUIT
Tue 2005-08-09 22:33:22: --> 221 See ya in cyberspace
Tue 2005-08-09 22:33:22: SMTP session successful (Bytes in/out: 876207/645)
Tue 2005-08-09 22:33:22: ----------
SMTP - out 這是我的 mail server 有 mail 要送出去:
Tue 2005-01-11 11:01:12: ----------
Tue 2005-01-11 20:00:49: Session 79; child 1
Tue 2005-01-11 20:00:46: Parsing Message <c:\progra~1\mdaemon\remoteq\pd50000000889.msg>
Tue 2005-01-11 20:00:46: From: [email protected]
Tue 2005-01-11 20:00:46: To: [email protected]
Tue 2005-01-11 20:00:46: Subject: Letter from abc
Tue 2005-01-11 20:00:46: Message-ID: <[email protected]>
Tue 2005-01-11 20:00:46: MX-record resolution of [sohu.com] in progress (DNS Server: 168.95.1.1)...
Tue 2005-01-11 20:00:46: P=010 D=sohu.com TTL=(2) MX=[sohumx.sohu.com] {61.135.132.100}
Tue 2005-01-11 20:00:46: Attempting MX: P=010 D=sohu.com TTL=(2) MX=[sohumx.sohu.com] {61.135.132.100}
Tue 2005-01-11 20:00:46: Attempting SMTP connection to [61.135.132.100 : 25]
Tue 2005-01-11 20:00:46: Waiting for socket connection...
Tue 2005-01-11 20:00:47: Socket connection established (123.123.123.123 : 1129 -> 61.135.132.100 : 25)
Tue 2005-01-11 20:00:47: Waiting for protocol initiation...
Tue 2005-01-11 20:00:47: <-- 220 sohumx97.sohu.com ESMTP
Tue 2005-01-11 20:00:47: --> EHLO mail.server.com
Tue 2005-01-11 20:00:47: <-- 250-sohumx97.sohu.com
Tue 2005-01-11 20:00:47: <-- 250-PIPELINING
Tue 2005-01-11 20:00:47: <-- 250-SIZE 10485760
Tue 2005-01-11 20:00:47: <-- 250-ETRN
Tue 2005-01-11 20:00:47: <-- 250 8BITMIME
Tue 2005-01-11 20:00:47: --> MAIL From:<[email protected]> SIZE=1910
Tue 2005-01-11 20:00:47: <-- 250 Ok
Tue 2005-01-11 20:00:47: --> RCPT To:<[email protected]>
Tue 2005-01-11 20:00:48: <-- 250 Ok
Tue 2005-01-11 20:00:48: --> DATA
Tue 2005-01-11 20:00:48: <-- 354 End data with <CR><LF>.<CR><LF>
Tue 2005-01-11 20:00:48: Sending <c:\progra~1\mdaemon\remoteq\pd50000000889.msg> to [61.135.132.100]
Tue 2005-01-11 20:00:48: Transfer Complete.
Tue 2005-01-11 20:00:49: <-- 250 Ok: queued as 1022be444a15a0ae87da1120cfb8c
Tue 2005-01-11 20:00:49: --> QUIT
Tue 2005-01-11 20:00:49: <-- 221 Bye
Tue 2005-01-11 20:00:49: SMTP session successful (Bytes in/out: 225/2024)
Tue 2005-01-11 20:00:49: ----------
POP3, 這是我的 mail server 上的一個 user 叫 abc 的, 要進來取信回去:
Mon 2005-05-09 22:24:57: ----------
Mon 2005-05-09 22:24:57: Session 4109; child 1
Mon 2005-05-09 22:24:46: Accepting POP connection from [62.24.84.63 : 1959]
Mon 2005-05-09 22:24:46: --> +OK mail.server.com POP MDaemon 8.0.0 ready <[email protected]>
Mon 2005-05-09 22:24:47: <-- USER abc
Mon 2005-05-09 22:24:47: --> +OK abc... User ok
Mon 2005-05-09 22:24:47: <-- PASS ******
Mon 2005-05-09 22:24:47: --> +OK [email protected]'s mailbox has 3 total messages (87222 octets)
Mon 2005-05-09 22:24:47: <-- STAT
Mon 2005-05-09 22:24:47: --> +OK 3 87222
Mon 2005-05-09 22:24:47: <-- LIST
Mon 2005-05-09 22:24:47: Sending LIST response (not logged)
Mon 2005-05-09 22:24:47: <-- UIDL
Mon 2005-05-09 22:24:47: Sending UIDL response (not logged)
Mon 2005-05-09 22:24:47: <-- TOP 3 0
Mon 2005-05-09 22:24:47: Sending TOP response msg: 3 (not logged)
Mon 2005-05-09 22:24:47: --> +OK
Mon 2005-05-09 22:24:48: <-- TOP 2 0
Mon 2005-05-09 22:24:48: Sending TOP response msg: 2 (not logged)
Mon 2005-05-09 22:24:48: --> +OK
Mon 2005-05-09 22:24:48: <-- TOP 1 0
Mon 2005-05-09 22:24:48: Sending TOP response msg: 1 (not logged)
Mon 2005-05-09 22:24:48: --> +OK
Mon 2005-05-09 22:24:57: <-- DELE 1
Mon 2005-05-09 22:24:57: --> +OK message 1 deleted
Mon 2005-05-09 22:24:57: <-- DELE 3
Mon 2005-05-09 22:24:57: --> +OK message 3 deleted
Mon 2005-05-09 22:24:57: <-- QUIT
Mon 2005-05-09 22:24:57: --> +OK [email protected] mail.server.com POP Server signing off (1 messages left)
Mon 2005-05-09 22:24:57: POP session complete (Bytes in/out: 93/2723)
Mon 2005-05-09 22:24:57: ----------
我的電腦和ip分享器的確沒有25和110 port在listening。ip分享器也沒有設定port forwarding。我想一定是ISP對兩個PORT有有特殊處理過吧。為什麼??25:SMTP mail server收信用的
110:mail server讓user抓信下來用的
只要您的PC不是mail server,這兩個port就沒有open(passive open/listen)的道理,除非是Windows(尤其是server版本) default會把這兩個service打開(可在command prompt中下netstat -an,看local address這邊的tcp 25/110 port是否在listen而得知),詳細移除辦法請自行研究(尤其是SMTP,免得被拿來當SPAM relay
發表文章規則
| XML | RSS 2.0 | RSS |
本討論區所有文章僅代表留言者個人意見,並不代表本站之立場,討論區以「即時留言」方式運作,故無法完全監察所有即時留言,若您發現文章可能有異議,請 email:[email protected] 處理。
回覆時引用此文章
書籤