[lug] outgoing port 220 exploit?

D. Stimits stimits at comcast.net
Sat Jan 17 22:13:04 MST 2004

I currently have no use of imap, and routinely block not only incoming 
ports that I do not use, but also outgoing ports. It may be that nothing 
is wrong here, but I need to track which app is trying to send an 
outgoing tcp connect to port 220 on all kinds of machines. Chkrootkit 
says things are fine, no mysterious processes show up, I keep things 
updated, and so on. But it bugs me to not be able to see the ipchains output 
tell me exactly what app it is that is trying to go to imap. Any 
suggestions? I can't seem to find any published info on any exploit that 
would cause an outbound port 220 attempt (internal port is always 6129). 
I have been unable to find any input chain hits, only output chain.

D. Stimits, stimits AT comcast DOT net
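
An added example, not part of the original post: one way to attribute an outbound connection attempt like the one described to a process, assuming a Linux /proc in its current layout and a little-endian host. It matches /proc/net/tcp rows by remote port and looks up the owning PID through the socket inode; the sample table is constructed (192.0.2.10 is a documentation address) and the function names are hypothetical.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp layout: one listener, one SYN_SENT
# from local port 6129 to 192.0.2.10:220 (documentation address).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 c0de 300 0 0 2 -1
   1: 0500000A:17F1 0A0200C0:00DC 02 00000001:00000000 01:00000120 00000002   500        0 4242 2 c0df 300 0 0 2 -1
"""
STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "0A": "LISTEN"}

def decode_addr(hexaddr):
    """'0A0200C0:00DC' -> ('192.0.2.10', 220); assumes a little-endian host."""
    ip_hex, port_hex = hexaddr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def outbound_to_port(table_text, remote_port=220):
    """Return the rows of a /proc/net/tcp dump whose remote port matches."""
    hits = []
    for line in table_text.splitlines()[1:]:        # skip header row
        f = line.split()
        if len(f) < 10:
            continue
        local, remote = decode_addr(f[1]), decode_addr(f[2])
        if remote[1] == remote_port:
            hits.append({"local": local, "remote": remote, "uid": int(f[7]),
                         "state": STATES.get(f[3], f[3]), "inode": int(f[9])})
    return hits

def owners_of_inode(inode, proc_root="/proc"):
    """Find (pid, cmdline) of processes holding socket:[inode]; needs root to see all."""
    target, found = "socket:[%d]" % inode, []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                with open(os.path.join(proc_root, pid, "cmdline"), "rb") as fh:
                    cmd = fh.read().replace(b"\0", b" ").decode(errors="replace")
                found.append((int(pid), cmd.strip()))
        except OSError:                              # process exited or no access
            continue
    return found

if __name__ == "__main__":
    src = "/proc/net/tcp"
    text = open(src).read() if os.path.exists(src) else SAMPLE
    for hit in outbound_to_port(text):
        print(hit, owners_of_inode(hit["inode"]))
```

A connection attempt is listed only while its socket exists, so the check has to be repeated (for example from a loop) to catch a short-lived one.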
