Results 1 to 10 of 10

Thread: Port 4662 ?

  1. #1
    Junior Member
    Join Date
    Aug 2001
    Posts
    29

    Port 4662 ?

    Hi, is there someone that know how I can block all those annoying connections
    I get at port 4662, I know that my firewall block that port, but it uses
    9kb/s of my 32 bandwidth, so it’s not that fun :-/, so anyone that know what
    To do with this problem?

    Ps: I have a SpeedStream router, and am running BlackICE Defender V2.9 on
    my win xp box.

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    Are you using any kind of P2P filesharing, or running any services?

    Port 4662 TCP, UDP
    Kurt Seifried, kurt@seifried.org


    --------------------------------------------------------------------------------

    Port number: 4662

    Common name(s): edonkey

    Common service(s): Edonkey2000 peer to peer file sharing

    Service description(s): Edonkey2000 is a peer to peer file sharing service similar to Kazaa or Napster.

    Common server(s): Edonkey2000 is a peer to peer service, hence clients and servers are interchangable to a large degree.

    Common client(s): donkey2000 is a peer to peer service, hence clients and servers are interchangable to a large degree.

    Common problem(s): Distribution of copyrighted material and high bandwidth usage

    Encrypted options: N/A

    Secure options: N/A

    Firewalling recommendations: Firewall port 4662 inbound and outbound if possible. Ensure that clients are using a higher port range then 1024 to ~5000 for outgoing connections or connections will occasionally fail.

    Attack detection: N/A

    Related URL(s): http://www.edonkey2000.com/

    Other notes: N/A




    --------------------------------------------------------------------------------

    Back

    Last updated 1/25/2002

    Copyright Kurt Seifried 2002
    taken from http://www.seifried.org/security/ports/4000/4662.html
    yeah, I\'m gonna need that by friday...

  3. #3
    Junior Member
    Join Date
    Aug 2001
    Posts
    29
    I am using eMule(donkey clone), but i havent started the program, so why
    am i still getting traffic from the program ?
    I am also running FTP,Web and MySQL
    \"I hold you so that you will be whole.\"
    \"I\'m not whole. Does that mean that you
    won\'t hold me anymore?\"

  4. #4
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    I don't know! But that's the port edonkey uses...
    i'd gander that your donkey software is running in the background...
    that's most likely what it is... try fooling around with it... hope this helped...

    -take it easy!
    yeah, I\'m gonna need that by friday...

  5. #5
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by Charmed Rulez
    I am using eMule(donkey clone), but i havent started the program, so why
    am i still getting traffic from the program ?
    I am also running FTP,Web and MySQL
    If in fact it is a donkey clone, it stands to reason, it is going to use the same port. I don't use p2p software so my help might be limited. Did emule come with an install program, if so and you ran it, then I think tampabay is likely right in that something is running in the background. Check your process, what is running there? If all else fails, try uninstalling the program.


    Cheers:
    DjM

  6. #6
    Junior Member
    Join Date
    Aug 2001
    Posts
    29
    The eMule program is not running, I think that there is just some
    Users that are scanning connections for that open port, because
    I get allot of scan’s from different IP's

    Isn’t there a way to stop the traffic, so it won't take up my kb/s ?

    You can see that the 4662 port isn’t in use

    FPort v2.0 - TCP/IP Process to Port Mapper
    Copyright 2000 by Foundstone, Inc.
    http://www.foundstone.com

    Pid Process Port Proto Path
    1372 ntserver -> 21 TCP D:\SAMBAR\BIN\ntserver.exe
    1372 ntserver -> 80 TCP D:\SAMBAR\BIN\ntserver.exe
    768 svchost -> 135 TCP C:\WINDOWS\system32\svchost.exe
    4 System -> 139 TCP
    1372 ntserver -> 1036 TCP D:\SAMBAR\BIN\ntserver.exe
    1372 ntserver -> 1037 TCP D:\SAMBAR\BIN\ntserver.exe
    0 System -> 1653 TCP
    0 System -> 1654 TCP
    0 System -> 1656 TCP
    0 System -> 1657 TCP
    1284 mysqld-nt -> 3306 TCP C:\mysql\bin\mysqld-nt.exe
    1372 ntserver -> 3866 TCP D:\SAMBAR\BIN\ntserver.exe
    1372 ntserver -> 3867 TCP D:\SAMBAR\BIN\ntserver.exe
    3064 Bersirc -> 4184 TCP C:\Program Files\Bersirc\Bersirc.exe
    2876 msmsgs -> 9333 TCP C:\Program Files\Messenger\msmsgs.exe

    1372 ntserver -> 135 UDP D:\SAMBAR\BIN\ntserver.exe
    4 System -> 137 UDP
    1372 ntserver -> 138 UDP D:\SAMBAR\BIN\ntserver.exe
    1372 ntserver -> 500 UDP D:\SAMBAR\BIN\ntserver.exe
    768 svchost -> 1025 UDP C:\WINDOWS\system32\svchost.exe
    1372 ntserver -> 1027 UDP D:\SAMBAR\BIN\ntserver.exe
    1372 ntserver -> 1028 UDP D:\SAMBAR\BIN\ntserver.exe
    1284 mysqld-nt -> 1137 UDP C:\mysql\bin\mysqld-nt.exe
    1284 mysqld-nt -> 1150 UDP C:\mysql\bin\mysqld-nt.exe
    1372 ntserver -> 1211 UDP D:\SAMBAR\BIN\ntserver.exe
    1372 ntserver -> 1611 UDP D:\SAMBAR\BIN\ntserver.exe
    1372 ntserver -> 4057 UDP D:\SAMBAR\BIN\ntserver.exe
    3064 Bersirc -> 4298 UDP C:\Program Files\Bersirc\Bersirc.exe
    1372 ntserver -> 4327 UDP D:\SAMBAR\BIN\ntserver.exe
    1284 mysqld-nt -> 4328 UDP C:\mysql\bin\mysqld-nt.exe
    0 System -> 14113 UDP

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Go to www.sysinternals.com and download process explorer. This will solve the mystery for you.

    Hope this helps!
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    Junior Member
    Join Date
    Aug 2001
    Posts
    29
    Well, it’s still the same no eMule open only normal win xp stuff
    Imo its just computers that logs people who use eMule(donkey)
    And then scans the user’s ip to try getting a list of shared files

    Maybe im wrong?
    \"I hold you so that you will be whole.\"
    \"I\'m not whole. Does that mean that you
    won\'t hold me anymore?\"

  9. #9
    Deceased x acidreign x's Avatar
    Join Date
    Jul 2002
    Posts
    455
    You can't stop internet traffic to any port locally, not even with a client-side firewall, software or hardware, you have to use an server-side firewall, which is nothing you can do on your own. I would suggest calling your ISP and complaining.
    :q :q! :wq :w :w! :wq! :quit :quit! :help help helpquit quit quithelp :quitplease :quitnow :leave :**** ^X^C ^C ^D ^Z ^Q QUITDAMMIT ^[:wq GCS,M);d@;p;c++;l++;u ++ ;e+ ;m++(---) ;s+/+ ;n- ;h* ;f+(--) ;!g ;w+(-) ;t- ;r+(-) ;y+(**)

  10. #10
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    Isn't the port 4662 used by the first version of the MySQL worm which seriously slowed down the Internet 3-4 weeks ago?
    After re-reading an article about it, I guess it must be it.
    As it is not an outbound connection but a scan, you can't blok it more efficiently than with your firewall if we exept contacting the user(s) who is(are) infected and who scan(s) you.
    Life is boring. Play NetHack... --more--

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •