Author Topic: Closing ports  (Read 16102 times)

0 Members and 1 Guest are viewing this topic.

DroppinPackets

  • Guest
Closing ports
« on: October 13, 2003, 08:53:36 AM »
Is there a way to close the IMAP port 143 from aswmaisv.exe from listening as it is not needed?

Also, ASWSERV.EXE listens on a local service port (1024 or higher), can this also be negating if it is not needed?
« Last Edit: October 13, 2003, 10:29:46 AM by DroppinPackets »

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Closing ports
« Reply #1 on: October 13, 2003, 09:00:17 AM »
Wait a moment, aswMaiSv.exe is running? So you've started the Internet Mail provider (i.e. completed the Mail Protection Wizard)?

In most cases, this thing is completely redundant in server environment (unless it's a terminal server).

Anyway, what program do you use to find out which app is listening on which port? netstat?
If at first you don't succeed, then skydiving's not for you.

DroppinPackets

  • Guest
Re:Closing ports
« Reply #2 on: October 13, 2003, 09:22:05 AM »
Wait a moment, aswMaiSv.exe is running? So you've started the Internet Mail provider (i.e. completed the Mail Protection Wizard)?

In most cases, this thing is completely redundant in server environment (unless it's a terminal server).

Anyway, what program do you use to find out which app is listening on which port? netstat?

Yes, aswmaiSrv is running, it is used for smtp and pop.

Redundant?

Netstat shows the ports yes.  But presently Kerio FW shows this as well.  I had installed TPF 5.1, but uninstalled it as it seems buggy, it actually could not see ASWSERV.EXE to enroll into it's sandbox, but external port scans (grc.com) could connect(could not actally connect, but recieved packets) to the port and it was reported closed.  More rules would have stealthed (null) the port.  But as i will have no need to connect to the server remotely, I see no reason to have open in the first place, if you follow my drift.  

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Closing ports
« Reply #3 on: October 13, 2003, 09:57:56 AM »
Interesting... AFAIK aswServ.exe doesn't have any TCP listener in it. What port numbers are we talking about, exactly?

BTW have you ever used avast Home/Pro? If so, does the ashServ.exe process from it exhibit similar behavior?

Thanks
If at first you don't succeed, then skydiving's not for you.

Offline vojtech

  • Avast team
  • Advanced Poster
  • *
  • Posts: 939
    • ALWIL Software
Re:Closing ports
« Reply #4 on: October 13, 2003, 10:03:02 AM »
To prevent the Mail scanner from listenig on port 143, insert this line
StartImap=0
to the file Avast4\Data\avast4.ini into section [MailScanner].

DroppinPackets

  • Guest
Re:Closing ports
« Reply #5 on: October 13, 2003, 10:27:31 AM »
I just checked an XP box with avast home and it only has the mailserver ports listening.

I presume it opens the next port from 1024 onwards that is availiable, on my system it is 1026, but if I disable a service(say DCOM), then it will be 1025.



« Last Edit: October 13, 2003, 10:32:44 AM by DroppinPackets »

DroppinPackets

  • Guest
Re:Closing ports
« Reply #6 on: October 13, 2003, 11:13:29 AM »
Copy


Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Closing ports
« Reply #7 on: October 13, 2003, 11:25:54 AM »
OK, it's the RPC listener then. Thanks for the info. I'll add an option to prevent avast using this port (just like in the consumer editions).
If at first you don't succeed, then skydiving's not for you.