port 2962

Discussion in 'NZ Computing' started by Dave - Dave.net.nz, Sep 26, 2004.

  1. Anyone know what port 2962 is used for?

    a machine I was working on had 5 connections all to nz dsl
    accounts(three xtra, one ihug, one paradise) immediately after dial up.

    a quick google says "IPH-POLICY-CLI."


    The machine is Windows XP, and has the default FW, but this port is
    entered as exception. The machine is a home machine, and is only used
    for www and email access.

    I'm inclined to remove the exception and check it out later if it breaks
    anything, but thought I'd check first.
    Dave - Dave.net.nz, Sep 26, 2004
    #1

  2. Dave - Dave.net.nz

    Gurble Guest

    On Sun, 26 Sep 2004 17:49:54 +1200, "Dave - Dave.net.nz"
    <Dave@_no_spam_here_please_dave.net.nz> wrote:

    >
    >The machine is Windows XP, and has the default FW, but this port is
    >entered as exception. The machine is a home machine, and is only used
    >for www and email access.


    Well obviously you should be using Linux. Yada, yada.
    Gurble, Sep 26, 2004
    #2

  3. Dave - Dave.net.nz

    Gurble Guest

    On Sun, 26 Sep 2004 17:49:54 +1200, "Dave - Dave.net.nz"
    <Dave@_no_spam_here_please_dave.net.nz> wrote:

    >Anyone know what port 2962 is used for?
    >
    >a machine I was working on had 5 connections all to nz dsl
    >accounts(three xtra, one ihug, one paradise) immediately after dial up.
    >
    >a quick google says "IPH-POLICY-CLI."
    >
    >
    >The machine is Windows XP, and has the default FW, but this port is
    >entered as exception. The machine is a home machine, and is only used
    >for www and email access.
    >
    >I'm inclined to remove the exception and check it out later if it breaks
    >anything, but thought I'd check first.


    According to http://live.dshield.org/port_report.php?port=2962 there
    aren't any known vulnerabilities for this port. Unfortunately it
    doesn't give much useful info, either.

    I'd say whack it off and see what happens...
    Gurble, Sep 26, 2004
    #3
  4. Dave - Dave.net.nz

    Dave Taylor Guest

    "Dave - Dave.net.nz" <Dave@_no_spam_here_please_dave.net.nz> wrote in
    news::

    > a machine I was working on had 5 connections all to nz dsl
    > accounts(three xtra, one ihug, one paradise) immediately after dial up.
    >


    You could use something like sysinternals.com's tcpview on the machine to
    find out what app is using this port and decide what action to take from
    there.
    Ciao, Dave
    Dave Taylor, Sep 26, 2004
    #4
  5. Dave - Dave.net.nz

    EMB Guest

    Dave - Dave.net.nz wrote:
    > Anyone know what port 2962 is used for?
    >
    > a machine I was working on had 5 connections all to nz dsl
    > accounts(three xtra, one ihug, one paradise) immediately after dial up.
    >
    > a quick google says "IPH-POLICY-CLI."
    >
    >
    > The machine is Windows XP, and has the default FW, but this port is
    > entered as exception. The machine is a home machine, and is only used
    > for www and email access.
    >
    > I'm inclined to remove the exception and check it out later if it breaks
    > anything, but thought I'd check first.


    Dave - check for inetinfo.exe running. It's a legit IIS process of some
    sort but can apparently also be compromised by some fscknasty thing too.

    --
    EMB
    change two to the number to reply
    EMB, Sep 26, 2004
    #5
  6. Dave - Dave.net.nz

    Craig Sutton Guest

    "Dave Taylor" <> wrote in message
    news:Xns9570CAE4D38E1daveytaynospamplshot@202.20.93.13...
    > "Dave - Dave.net.nz" <Dave@_no_spam_here_please_dave.net.nz> wrote in
    > news::
    >
    > > a machine I was working on had 5 connections all to nz dsl
    > > accounts(three xtra, one ihug, one paradise) immediately after dial up.
    > >

    >
    > You could use something like sysinternals.com's tcpview on the machine to
    > find out what app is using this port and decide what action to take from
    > there.


    netstat -ao

    Look up the PID in the task manager
    Craig Sutton, Sep 26, 2004
    #6
  7. Gurble wrote:
    > Well obviously you should be using Linux. Yada, yada.


    hahaha
    good, thanks :)
    Dave - Dave.net.nz, Sep 26, 2004
    #7
  8. Gurble wrote:
    >>I'm inclined to remove the exception and check it out later if it breaks
    >>anything, but thought I'd check first.


    > According to http://live.dshield.org/port_report.php?port=2962 there
    > aren't any known vulnerabilities for this port. Unfortunately it
    > doesn't give much useful info, either.


    > I'd say whack it off and see what happens...


    heh @ whacking off.
    sorry, one of those moods.

    yeah, it doesn't seem to have broken anything.
    I've since found out that the guy did have someone else playing
    with/configuring it, for IRC or something... erk.

    either way, it's disabled.
    Dave - Dave.net.nz, Sep 26, 2004
    #8
  9. Dave - Dave.net.nz

    Dave Taylor Guest

    "Craig Sutton" <> wrote in
    news:cj64t3$g7k$:

    >
    > "Dave Taylor" <> wrote in message
    > news:Xns9570CAE4D38E1daveytaynospamplshot@202.20.93.13...
    >> "Dave - Dave.net.nz" <Dave@_no_spam_here_please_dave.net.nz> wrote in
    >> news::
    >>
    >> > a machine I was working on had 5 connections all to nz dsl
    >> > accounts(three xtra, one ihug, one paradise) immediately after dial
    >> > up.
    >> >

    >>
    >> You could use something like sysinternals.com's tcpview on the
    >> machine to find out what app is using this port and decide what
    >> action to take from there.

    >
    > netstat -ao
    >
    > Look up the PID in the task manager
    >
    >


    I think that is only available in XP's and other OS's Netstat.
    TCPView works in any win32 OS AFAIK.
    Ciao, Dave
    Dave Taylor, Sep 26, 2004
    #9
  10. Craig Sutton wrote:
    >>>a machine I was working on had 5 connections all to nz dsl
    >>>accounts(three xtra, one ihug, one paradise) immediately after dial up.


    >>You could use something like sysinternals.com's tcpview on the machine to
    >>find out what app is using this port and decide what action to take from
    >>there.


    > netstat -ao
    > Look up the PID in the task manager


    I'm not there now, but I just did this on my home machine and got this.
    Half-man is my machine*

    C:\Documents and Settings\Dave & Karyn>netstat -ao

    Active Connections

    Proto  Local Address          Foreign Address               State        PID
    TCP    half-man:http          half-man:0                    LISTENING    1068
    TCP    half-man:epmap         half-man:0                    LISTENING    748
    TCP    half-man:https         half-man:0                    LISTENING    1068
    TCP    half-man:ms-ds         half-man:0                    LISTENING    4
    TCP    half-man:5800          half-man:0                    LISTENING    440
    TCP    half-man:5900          half-man:0                    LISTENING    440
    TCP    half-man:55884         half-man:0                    LISTENING    1068
    TCP    half-man:1026          half-man:0                    LISTENING    2000
    TCP    half-man:2958          localhost:2959                ESTABLISHED  344
    TCP    half-man:2959          localhost:2958                ESTABLISHED  344
    TCP    half-man:3610          chimphy-pc52.ulb.ac.be:4078   ESTABLISHED  1068
    TCP    half-man:3621          individual.net:nntp           ESTABLISHED  344
    TCP    half-man:3622          mysql.synaptic.net.nz:imap    ESTABLISHED  344
    TCP    half-man:3628          mysql.synaptic.net.nz:imap    TIME_WAIT    0
    UDP    half-man:microsoft-ds  *:*                                        4
    UDP    half-man:1029          *:*                                        828
    UDP    half-man:1030          *:*                                        828
    UDP    half-man:1031          *:*                                        828
    UDP    half-man:1032          *:*                                        828
    UDP    half-man:1238          *:*                                        828
    UDP    half-man:1239          *:*                                        828
    UDP    half-man:1240          *:*                                        828
    UDP    half-man:1241          *:*                                        828
    UDP    half-man:1242          *:*                                        828
    UDP    half-man:1243          *:*                                        828
    UDP    half-man:55884         *:*                                        1068
    UDP    half-man:ntp           *:*                                        784
    UDP    half-man:ntp           *:*                                        784

    C:\Documents and Settings\Dave & Karyn>



    *the reason for being called half-man is that it used to be called
    beast, à la X-Men, however my dual board died, and it was split into two
    machines, half-man and half-beast :)
    Dave - Dave.net.nz, Sep 26, 2004
    #10
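
Added example (not part of any post in this thread): the "netstat -ao, then look up the PID" check suggested above, done over captured netstat output so that every socket touching port 2962 is grouped under its owning PID. The sample rows, addresses and PIDs are constructed for illustration, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in the column layout of `netstat -ano` on Windows.
# Addresses are documentation ranges; PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       748
  TCP    0.0.0.0:2962           0.0.0.0:0              LISTENING       1512
  TCP    192.0.2.10:2962        198.51.100.7:1187      ESTABLISHED     1512
  TCP    192.0.2.10:2962        203.0.113.44:3301      ESTABLISHED     1512
  TCP    192.0.2.10:3621        198.51.100.20:119      ESTABLISHED     344
  UDP    0.0.0.0:123            *:*                                    784
"""

def parse_netstat(text):
    """Yield one dict per socket row; UDP rows carry no State column."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner, blank line or column header
        if len(f) == 5:
            proto, local, remote, state, pid = f
        elif len(f) == 4:
            (proto, local, remote, pid), state = f, ""
        else:
            continue  # unexpected layout, skip rather than guess
        yield {"proto": proto, "local": local, "remote": remote,
               "state": state, "pid": int(pid)}

def port_of(endpoint):
    """Numeric port of 'addr:port'; None for '*:*' or a resolved service name."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def owners_of_port(text, port):
    """Map PID -> rows where the port appears on either end of the socket."""
    hits = defaultdict(list)
    for row in parse_netstat(text):
        if port in (port_of(row["local"]), port_of(row["remote"])):
            hits[row["pid"]].append(row)
    return dict(hits)

if __name__ == "__main__":
    for pid, rows in owners_of_port(SAMPLE, 2962).items():
        print(f"PID {pid}: {len(rows)} socket(s) on port 2962")
        for r in rows:
            print(f"  {r['proto']} {r['local']} -> {r['remote']} {r['state']}")
```

Capture the input with netstat -ano rather than -ao: the -n switch keeps ports numeric, whereas the -ao output in post #10 shows names such as http and nntp, which a numeric port match would miss.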
  11. On Sun, 26 Sep 2004 17:49:54 +1200, Dave - Dave.net.nz wrote:

    > Anyone know what port 2962 is used for?
    >
    > a machine I was working on had 5 connections all to nz dsl
    > accounts(three xtra, one ihug, one paradise) immediately after dial up.
    >
    > a quick google says "IPH-POLICY-CLI."
    >
    >
    > The machine is Windows XP, and has the default FW, but this port is
    > entered as exception. The machine is a home machine, and is only used
    > for www and email access.
    >
    > I'm inclined to remove the exception and check it out later if it breaks
    > anything, but thought I'd check first.


    You should be behind a Linux-based firewall anyway ;)

    run this command: netstat -a -o

    then match the process id up with the connection (if any).


    wogers nemesis, Sep 26, 2004
    #11
  12. Dave - Dave.net.nz

    Dogg Guest

    On Sun, 26 Sep 2004 23:52:00 +1200, wogers nemesis
    <> wrote:

    >On Sun, 26 Sep 2004 17:49:54 +1200, Dave - Dave.net.nz wrote:
    >
    >> Anyone know what port 2962 is used for?
    >>
    >> a machine I was working on had 5 connections all to nz dsl
    >> accounts(three xtra, one ihug, one paradise) immediately after dial up.
    >>
    >> a quick google says "IPH-POLICY-CLI."
    >>
    >>
    >> The machine is Windows XP, and has the default FW, but this port is
    >> entered as exception. The machine is a home machine, and is only used
    >> for www and email access.
    >>
    >> I'm inclined to remove the exception and check it out later if it breaks
    >> anything, but thought I'd check first.

    >
    >You should be behind a Linux-based firewall anyway ;)
    >
    >run this command: netstat -a -o
    >
    >then match the process id up with the connection (if any).
    >


    You might need to turn on the PID column in Task Manager to see it


    BOINC SETI
    http://boinc.mundayweb.com/seti2/stats.php?userID=1469&trans=off
    Dogg, Sep 26, 2004
    #12
  13. Dogg wrote:
    >>run this command: netstat -a -o
    >>then match the process id up with the connection (if any).


    > You might need to turn on the PID column in Task Manager to see it


    I'm a geek... it's always been there :)

    PS - for your sig add a "-- " without the "" marks.
    that way it'll snip properly. :)

    --
    Dave Hall
    http://www.dave.net.nz
    Dave - Dave.net.nz, Sep 26, 2004
    #13
  14. Dave - Dave.net.nz

    Dogg Guest

    On Mon, 27 Sep 2004 09:31:45 +1200, "Dave - Dave.net.nz"
    <dave@no_spam_here_dave.net.nz> wrote:

    >Dogg wrote:
    >>>run this command: netstat -a -o
    >>>then match the process id up with the connection (if any).

    >
    >> You might need to turn on the PID column in Task Manager to see it

    >
    >I'm a geek... it's always been there :)
    >
    >PS - for your sig add a "-- " without the "" marks.
    >that way it'll snip properly. :)


    Before or after the URL?


    BOINC SETI
    http://boinc.mundayweb.com/seti2/stats.php?userID=1469&trans=off
    Dogg, Sep 27, 2004
    #14
  15. Dave - Dave.net.nz, Sep 27, 2004
    #15
  16. Dave - Dave.net.nz

    Dogg Guest

    Dogg, Sep 27, 2004
    #16
  17. Dave - Dave.net.nz

    Dogg Guest

    On Mon, 27 Sep 2004 14:39:49 +1200, Dogg <>
    wrote:

    >On Mon, 27 Sep 2004 14:10:49 +1200, "Dave - Dave.net.nz"
    ><dave@no_spam_here_please_dave.net.nz> wrote:
    >
    >>Dogg wrote:
    >>>>PS - for your sig add a "-- " without the "" marks.
    >>>>that way it'll snip properly. :)

    >>
    >>> Before or after the URL?
    >>> BOINC SETI
    >>> http://boinc.mundayweb.com/seti2/stats.php?userID=1469&trans=off

    >>
    >>Before the whole thing like mine below.

    >
    >I see :)


    Space removed

    --
    BOINC SETI
    http://boinc.mundayweb.com/seti2/stats.php?userID=1469&trans=off
    Dogg, Sep 27, 2004
    #17
  18. Dave - Dave.net.nz, Sep 27, 2004
    #18
  19. Dave - Dave.net.nz

    Collector-NZ Guest

    Dave - Dave.net.nz said the following on 27/09/2004 15:55:
    > Dogg wrote:
    >
    >> Space removed
    >>
    >> --
    >> BOINC SETI
    >> http://boinc.mundayweb.com/seti2/stats.php?userID=1469&trans=off

    >
    >
    > odd, it didn't snip.
    > I'll leave it to others to figure out why... that's about the depth of my
    > knowledge.
    >

    it is dash dash space

    but only 1 space and a hard carriage return
    Collector-NZ, Sep 27, 2004
    #19
  20. Dave - Dave.net.nz

    AD. Guest

    On Mon, 27 Sep 2004 15:55:09 +1200, Dave - Dave.net.nz wrote:

    > Dogg wrote:
    >> Space removed
    >>
    >> --
    >> BOINC SETI
    >> http://boinc.mundayweb.com/seti2/stats.php?userID=1469&trans=off

    >
    > odd, it didn't snip.
    > I'll leave it to others to figure out why... that's about the depth of my
    > knowledge.


    It's up to the newsreader. Pan snipped it, even though it was missing the
    space.

    Cheers
    Anton
    AD., Sep 27, 2004
    #20