Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > port 2962

Reply
Thread Tools

port 2962

 
 
Dave - Dave.net.nz
Guest
Posts: n/a
 
      09-26-2004
Anyone know what port 2962 is used for?

a machine I was working on had 5 connections all to nz dsl
accounts(three xtra, one ihug, one paradise) immediatly after dial up.

a quick google says "IPH-POLICY-CLI."


The machine is Windows XP, and has the default FW, but this port is
entered as exception. The machine is a home machine, and is only used
for www and email access.

Im inclined to remove the exception and check it out later if it breaks
anything, but thought I'd check first.
 
Reply With Quote
 
 
 
 
Gurble
Guest
Posts: n/a
 
      09-26-2004
On Sun, 26 Sep 2004 17:49:54 +1200, "Dave - Dave.net.nz"
<Dave@_no_spam_here_please_dave.net.nz> wrote:

>
>The machine is Windows XP, and has the default FW, but this port is
>entered as exception. The machine is a home machine, and is only used
>for www and email access.


Well obviously you should be using Linux. Yada, yada.
 
Reply With Quote
 
 
 
 
Gurble
Guest
Posts: n/a
 
      09-26-2004
On Sun, 26 Sep 2004 17:49:54 +1200, "Dave - Dave.net.nz"
<Dave@_no_spam_here_please_dave.net.nz> wrote:

>Anyone know what port 2962 is used for?
>
>a machine I was working on had 5 connections all to nz dsl
>accounts(three xtra, one ihug, one paradise) immediatly after dial up.
>
>a quick google says "IPH-POLICY-CLI."
>
>
>The machine is Windows XP, and has the default FW, but this port is
>entered as exception. The machine is a home machine, and is only used
>for www and email access.
>
>Im inclined to remove the exception and check it out later if it breaks
>anything, but thought I'd check first.


According to http://live.dshield.org/port_report.php?port=2962 there
aren't any known vulnerabilities for this port. Unfortunately it
doesn't give much useful info, either.

I'd say whack it off and see what happens...
 
Reply With Quote
 
Dave Taylor
Guest
Posts: n/a
 
      09-26-2004
"Dave - Dave.net.nz" <Dave@_no_spam_here_please_dave.net.nz> wrote in
news:(E-Mail Removed):

> a machine I was working on had 5 connections all to nz dsl
> accounts(three xtra, one ihug, one paradise) immediatly after dial up.
>


You could use something like sysinternals.com's tcpview on the machine to
find out what app is using this port and decide what action to take from
there.
Ciao, Dave
 
Reply With Quote
 
EMB
Guest
Posts: n/a
 
      09-26-2004
Dave - Dave.net.nz wrote:
> Anyone know what port 2962 is used for?
>
> a machine I was working on had 5 connections all to nz dsl
> accounts(three xtra, one ihug, one paradise) immediatly after dial up.
>
> a quick google says "IPH-POLICY-CLI."
>
>
> The machine is Windows XP, and has the default FW, but this port is
> entered as exception. The machine is a home machine, and is only used
> for www and email access.
>
> Im inclined to remove the exception and check it out later if it breaks
> anything, but thought I'd check first.


Dave - check for inetinfo.exe running. It's a legit IIS process of some
sort but can apparently also be compromised by some fscknasty thing too.

--
EMB
change two to the number to reply
 
Reply With Quote
 
Craig Sutton
Guest
Posts: n/a
 
      09-26-2004

"Dave Taylor" <(E-Mail Removed)> wrote in message
news:Xns9570CAE4D38E1daveytaynospamplshot@202.20.9 3.13...
> "Dave - Dave.net.nz" <Dave@_no_spam_here_please_dave.net.nz> wrote in
> news:(E-Mail Removed):
>
> > a machine I was working on had 5 connections all to nz dsl
> > accounts(three xtra, one ihug, one paradise) immediatly after dial up.
> >

>
> You could use something like sysinternals.com's tcpview on the machine to
> find out what app is using this port and decide what action to take from
> there.


netstat -ao

Look up the PID in the task manager


 
Reply With Quote
 
Dave - Dave.net.nz
Guest
Posts: n/a
 
      09-26-2004
Gurble wrote:
> Well obviously you should be using Linux. Yada, yada.


hahaha
good, thanks
 
Reply With Quote
 
Dave - Dave.net.nz
Guest
Posts: n/a
 
      09-26-2004
Gurble wrote:
>>Im inclined to remove the exception and check it out later if it breaks
>>anything, but thought I'd check first.


> According to http://live.dshield.org/port_report.php?port=2962 there
> aren't any known vulnerabilities for this port. Unfortunately it
> doesn't give much useful info, either.


> I'd say whack it off and see what happens...


heh @ whacking off.
sorry, one of those moods.

yeah, it doesnt seem to have broken anything.
I've since found out that the guy did have someone else playing
with/configuring it, for IRC or something... erk.

either way, it's disabled.
 
Reply With Quote
 
Dave Taylor
Guest
Posts: n/a
 
      09-26-2004
"Craig Sutton" <(E-Mail Removed)> wrote in
news:cj64t3$g7k$(E-Mail Removed):

>
> "Dave Taylor" <(E-Mail Removed)> wrote in message
> news:Xns9570CAE4D38E1daveytaynospamplshot@202.20.9 3.13...
>> "Dave - Dave.net.nz" <Dave@_no_spam_here_please_dave.net.nz> wrote in
>> news:(E-Mail Removed):
>>
>> > a machine I was working on had 5 connections all to nz dsl
>> > accounts(three xtra, one ihug, one paradise) immediatly after dial
>> > up.
>> >

>>
>> You could use something like sysinternals.com's tcpview on the
>> machine to find out what app is using this port and decide what
>> action to take from there.

>
> netstat -ao
>
> Look up the PID in the task manager
>
>


I think that is only available in XP's and other OS's Netstat.
TCPView works in any win32 OS AFAIK.
Ciao, Dave
 
Reply With Quote
 
Dave - Dave.net.nz
Guest
Posts: n/a
 
      09-26-2004
Craig Sutton wrote:
>>>a machine I was working on had 5 connections all to nz dsl
>>>accounts(three xtra, one ihug, one paradise) immediatly after dial up.


>>You could use something like sysinternals.com's tcpview on the machine to
>>find out what app is using this port and decide what action to take from
>>there.


> netstat -ao
> Look up the PID in the task manager


Im not there now, but I just did this on my home machine and got this.
Half-man is my machine*

C:\Documents and Settings\Dave & Karyn>netstat -ao
Active Connections
Proto Local Address Foreign Address State PID
TCP half-man:http half-man:0 LISTENING 1068
TCP half-man:epmap half-man:0 LISTENING 748
TCP half-man:https half-man:0 LISTENING 1068
TCP half-man:ms-ds half-man:0 LISTENING 4
TCP half-man:5800 half-man:0 LISTENING 440
TCP half-man:5900 half-man:0 LISTENING 440
TCP half-man:55884 half-man:0 LISTENING 1068
TCP half-man:1026 half-man:0 LISTENING 2000
TCP half-man:2958 localhost:2959 ESTABLISHED 344
TCP half-man:2959 localhost:2958 ESTABLISHED 344
TCP half-man:3610 chimphy-pc52.ulb.ac.be:4078 ESTABLISHED 1068
TCP half-man:3621 individual.net:nntp ESTABLISHED 344
TCP half-man:3622 mysql.synaptic.net.nz:imap ESTABLISHED 344
TCP half-man:3628 mysql.synaptic.net.nz:imap TIME_WAIT 0
UDP half-man:microsoft-ds *:* 4
UDP half-man:1029 *:* 828
UDP half-man:1030 *:* 828
UDP half-man:1031 *:* 828
UDP half-man:1032 *:* 828
UDP half-man:1238 *:* 828
UDP half-man:1239 *:* 828
UDP half-man:1240 *:* 828
UDP half-man:1241 *:* 828
UDP half-man:1242 *:* 828
UDP half-man:1243 *:* 828
UDP half-man:55884 *:* 1068
UDP half-man:ntp *:* 784
UDP half-man:ntp *:* 784

C:\Documents and Settings\Dave & Karyn>



*the reason for being called half-man is that it used to be called
beast, ah-la Xmen, however my dual board died, and it was split into two
machines, half-man and half-beast
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Overhead of 4-port over 2-port SRAM John T. Goodman VHDL 0 01-25-2005 04:27 PM
4 port ethernet, 1 port broadband Link Cisco 1 05-09-2004 10:41 PM
Port-security on 16-port FastEthernet module (NM-ESW-16) Dmitry Cisco 0 04-01-2004 06:38 PM
Port security on a Catalyst 4000 - fails to shut down port Jon Whitear Cisco 2 11-04-2003 11:01 PM
about "match ip rtp starting-port-number port-range" Weiguang Shi Cisco 1 10-25-2003 07:14 AM



Advertisments