[lug] outgoing port 220 exploit?

Chip Atkinson chip at rmpg.org
Sat Jan 17 22:22:11 MST 2004

I use netstat -lenp to discover what processes are listening on what

On Sat, 17 Jan 2004, D. Stimits wrote:

> I currently have no use of imap, and routinely block not only incoming
> ports that I do not use, but also outgoing ports. It may be that nothing
> is wrong here, but I need to track which app is trying to send an
> outgoing tcp connect to port 220 on all kinds of machines. Chkrootkit
> says things are fine, no mysterious processes show up, I keep things
> updated, so on. But it bugs me to not be able to see the ipchains output
> tell me exactly what app it is that is that is trying to go to imap. Any
> suggestions? I can't seem to find any published info on any exploit that
> would cause an outbound port 220 attempt (internal port is always 6129).
> I have been unable to find any input chain hits, only output chain.
> D. Stimits, stimits AT comcast DOT net
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug

More information about the LUG mailing list