«

Anyone know what port 2962 is used for?

a machine I was working on had 5 connections all to nz dsl
accounts(three xtra, one ihug, one paradise) immediatly after dial up.

a quick google says "IPH-POLICY-CLI."


The machine is Windows XP, and has the default FW, but this port is
entered as exception. The machine is a home machine, and is only used
for www and email access.

Im inclined to remove the exception and check it out later if it breaks
anything, but thought I'd check first.

On Sun, 26 Sep 2004 17:49:54 +1200, "Dave - Dave.net.nz"
<Dave@_no_spam_here_please_dave.net.nz> wrote:

>
>The machine is Windows XP, and has the default FW, but this port is
>entered as exception. The machine is a home machine, and is only used
>for www and email access.

Well obviously you should be using Linux. Yada, yada.

On Sun, 26 Sep 2004 17:49:54 +1200, "Dave - Dave.net.nz"
<Dave@_no_spam_here_please_dave.net.nz> wrote:

>Anyone know what port 2962 is used for?
>
>a machine I was working on had 5 connections all to nz dsl
>accounts(three xtra, one ihug, one paradise) immediatly after dial up.
>
>a quick google says "IPH-POLICY-CLI."
>
>
>The machine is Windows XP, and has the default FW, but this port is
>entered as exception. The machine is a home machine, and is only used
>for www and email access.
>
>Im inclined to remove the exception and check it out later if it breaks
>anything, but thought I'd check first.

According to http://live.dshield.org/port_report.php?port=2962 there
aren't any known vulnerabilities for this port. Unfortunately it
doesn't give much useful info, either.

I'd say whack it off and see what happens...

"Dave - Dave.net.nz" <Dave@_no_spam_here_please_dave.net.nz> wrote in
news::

> a machine I was working on had 5 connections all to nz dsl
> accounts(three xtra, one ihug, one paradise) immediatly after dial up.
>

You could use something like sysinternals.com's tcpview on the machine to
find out what app is using this port and decide what action to take from
there.
Ciao, Dave

Dave - Dave.net.nz wrote:
> Anyone know what port 2962 is used for?
>
> a machine I was working on had 5 connections all to nz dsl
> accounts(three xtra, one ihug, one paradise) immediatly after dial up.
>
> a quick google says "IPH-POLICY-CLI."
>
>
> The machine is Windows XP, and has the default FW, but this port is
> entered as exception. The machine is a home machine, and is only used
> for www and email access.
>
> Im inclined to remove the exception and check it out later if it breaks
> anything, but thought I'd check first.

Dave - check for inetinfo.exe running. It's a legit IIS process of some
sort but can apparently also be compromised by some fscknasty thing too.

--
EMB
change two to the number to reply

"Dave Taylor" <> wrote in message
news:Xns9570CAE4D38E1daveytaynospamplshot@202.20.9 3.13...
> "Dave - Dave.net.nz" <Dave@_no_spam_here_please_dave.net.nz> wrote in
> news::
>
> > a machine I was working on had 5 connections all to nz dsl
> > accounts(three xtra, one ihug, one paradise) immediatly after dial up.
> >
>
> You could use something like sysinternals.com's tcpview on the machine to
> find out what app is using this port and decide what action to take from
> there.

netstat -ao

Look up the PID in the task manager

Gurble wrote:
> Well obviously you should be using Linux. Yada, yada.

hahaha
good, thanks

Gurble wrote:
>>Im inclined to remove the exception and check it out later if it breaks
>>anything, but thought I'd check first.

> According to http://live.dshield.org/port_report.php?port=2962 there
> aren't any known vulnerabilities for this port. Unfortunately it
> doesn't give much useful info, either.

> I'd say whack it off and see what happens...

heh @ whacking off.
sorry, one of those moods.

yeah, it doesnt seem to have broken anything.
I've since found out that the guy did have someone else playing
with/configuring it, for IRC or something... erk.

either way, it's disabled.

"Craig Sutton" <> wrote in
news:cj64t3$g7k$:

>
> "Dave Taylor" <> wrote in message
> news:Xns9570CAE4D38E1daveytaynospamplshot@202.20.9 3.13...
>> "Dave - Dave.net.nz" <Dave@_no_spam_here_please_dave.net.nz> wrote in
>> news::
>>
>> > a machine I was working on had 5 connections all to nz dsl
>> > accounts(three xtra, one ihug, one paradise) immediatly after dial
>> > up.
>> >
>>
>> You could use something like sysinternals.com's tcpview on the
>> machine to find out what app is using this port and decide what
>> action to take from there.
>
> netstat -ao
>
> Look up the PID in the task manager
>
>

I think that is only available in XP's and other OS's Netstat.
TCPView works in any win32 OS AFAIK.
Ciao, Dave

Craig Sutton wrote:
>>>a machine I was working on had 5 connections all to nz dsl
>>>accounts(three xtra, one ihug, one paradise) immediatly after dial up.

>>You could use something like sysinternals.com's tcpview on the machine to
>>find out what app is using this port and decide what action to take from
>>there.

> netstat -ao
> Look up the PID in the task manager

Im not there now, but I just did this on my home machine and got this.
Half-man is my machine*

C:\Documents and Settings\Dave & Karyn>netstat -ao
Active Connections
Proto Local Address Foreign Address State PID
TCP half-man:http half-man:0 LISTENING 1068
TCP half-man:epmap half-man:0 LISTENING 748
TCP half-man:https half-man:0 LISTENING 1068
TCP half-man:ms-ds half-man:0 LISTENING 4
TCP half-man:5800 half-man:0 LISTENING 440
TCP half-man:5900 half-man:0 LISTENING 440
TCP half-man:55884 half-man:0 LISTENING 1068
TCP half-man:1026 half-man:0 LISTENING 2000
TCP half-man:2958 localhost:2959 ESTABLISHED 344
TCP half-man:2959 localhost:2958 ESTABLISHED 344
TCP half-man:3610 chimphy-pc52.ulb.ac.be:4078 ESTABLISHED 1068
TCP half-man:3621 individual.net:nntp ESTABLISHED 344
TCP half-man:3622 mysql.synaptic.net.nz:imap ESTABLISHED 344
TCP half-man:3628 mysql.synaptic.net.nz:imap TIME_WAIT 0
UDP half-man:microsoft-ds *:* 4
UDP half-man:1029 *:* 828
UDP half-man:1030 *:* 828
UDP half-man:1031 *:* 828
UDP half-man:1032 *:* 828
UDP half-man:1238 *:* 828
UDP half-man:1239 *:* 828
UDP half-man:1240 *:* 828
UDP half-man:1241 *:* 828
UDP half-man:1242 *:* 828
UDP half-man:1243 *:* 828
UDP half-man:55884 *:* 1068
UDP half-man:ntp *:* 784
UDP half-man:ntp *:* 784

C:\Documents and Settings\Dave & Karyn>



*the reason for being called half-man is that it used to be called
beast, ah-la Xmen, however my dual board died, and it was split into two
machines, half-man and half-beast