-
February 12th, 2003, 04:36 PM
#1
Junior Member
Port 4662 ?
Hi, is there someone that knows how I can block all those annoying connections
I get at port 4662? I know that my firewall blocks that port, but it uses
9kb/s of my 32 bandwidth, so it's not that fun :-/, so anyone that knows what
to do with this problem?
PS: I have a SpeedStream router, and am running BlackICE Defender V2.9 on
my Win XP box.
-
February 12th, 2003, 04:48 PM
#2
Are you using any kind of P2P filesharing, or running any services?
Port 4662 TCP, UDP
Kurt Seifried, kurt@seifried.org
--------------------------------------------------------------------------------
Port number: 4662
Common name(s): edonkey
Common service(s): Edonkey2000 peer to peer file sharing
Service description(s): Edonkey2000 is a peer to peer file sharing service similar to Kazaa or Napster.
Common server(s): Edonkey2000 is a peer to peer service, hence clients and servers are interchangeable to a large degree.
Common client(s): Edonkey2000 is a peer to peer service, hence clients and servers are interchangeable to a large degree.
Common problem(s): Distribution of copyrighted material and high bandwidth usage
Encrypted options: N/A
Secure options: N/A
Firewalling recommendations: Firewall port 4662 inbound and outbound if possible. Ensure that clients are using a higher port range than 1024 to ~5000 for outgoing connections or connections will occasionally fail.
Attack detection: N/A
Related URL(s): http://www.edonkey2000.com/
Other notes: N/A
--------------------------------------------------------------------------------
Last updated 1/25/2002
Copyright Kurt Seifried 2002
taken from http://www.seifried.org/security/ports/4000/4662.html
yeah, I'm gonna need that by friday...
-
February 12th, 2003, 04:58 PM
#3
Junior Member
I am using eMule (donkey clone), but I haven't started the program, so why
am I still getting traffic from the program?
I am also running FTP, Web and MySQL
"I hold you so that you will be whole."
"I'm not whole. Does that mean that you
won't hold me anymore?"
-
February 12th, 2003, 05:01 PM
#4
I don't know! But that's the port edonkey uses...
I'd gander that your donkey software is running in the background...
that's most likely what it is... try fooling around with it... hope this helped...
-take it easy!
yeah, I'm gonna need that by friday...
-
February 12th, 2003, 05:08 PM
#5
Originally posted here by Charmed Rulez
I am using eMule (donkey clone), but I haven't started the program, so why
am I still getting traffic from the program?
I am also running FTP, Web and MySQL
If in fact it is a donkey clone, it stands to reason, it is going to use the same port. I don't use p2p software so my help might be limited. Did emule come with an install program, if so and you ran it, then I think tampabay is likely right in that something is running in the background. Check your process, what is running there? If all else fails, try uninstalling the program.
Cheers:
-
February 12th, 2003, 05:28 PM
#6
Junior Member
The eMule program is not running, I think that there are just some
users that are scanning connections for that open port, because
I get a lot of scans from different IPs
Isn't there a way to stop the traffic, so it won't take up my kb/s?
You can see that the 4662 port isn't in use
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com
Pid Process Port Proto Path
1372 ntserver -> 21 TCP D:\SAMBAR\BIN\ntserver.exe
1372 ntserver -> 80 TCP D:\SAMBAR\BIN\ntserver.exe
768 svchost -> 135 TCP C:\WINDOWS\system32\svchost.exe
4 System -> 139 TCP
1372 ntserver -> 1036 TCP D:\SAMBAR\BIN\ntserver.exe
1372 ntserver -> 1037 TCP D:\SAMBAR\BIN\ntserver.exe
0 System -> 1653 TCP
0 System -> 1654 TCP
0 System -> 1656 TCP
0 System -> 1657 TCP
1284 mysqld-nt -> 3306 TCP C:\mysql\bin\mysqld-nt.exe
1372 ntserver -> 3866 TCP D:\SAMBAR\BIN\ntserver.exe
1372 ntserver -> 3867 TCP D:\SAMBAR\BIN\ntserver.exe
3064 Bersirc -> 4184 TCP C:\Program Files\Bersirc\Bersirc.exe
2876 msmsgs -> 9333 TCP C:\Program Files\Messenger\msmsgs.exe
1372 ntserver -> 135 UDP D:\SAMBAR\BIN\ntserver.exe
4 System -> 137 UDP
1372 ntserver -> 138 UDP D:\SAMBAR\BIN\ntserver.exe
1372 ntserver -> 500 UDP D:\SAMBAR\BIN\ntserver.exe
768 svchost -> 1025 UDP C:\WINDOWS\system32\svchost.exe
1372 ntserver -> 1027 UDP D:\SAMBAR\BIN\ntserver.exe
1372 ntserver -> 1028 UDP D:\SAMBAR\BIN\ntserver.exe
1284 mysqld-nt -> 1137 UDP C:\mysql\bin\mysqld-nt.exe
1284 mysqld-nt -> 1150 UDP C:\mysql\bin\mysqld-nt.exe
1372 ntserver -> 1211 UDP D:\SAMBAR\BIN\ntserver.exe
1372 ntserver -> 1611 UDP D:\SAMBAR\BIN\ntserver.exe
1372 ntserver -> 4057 UDP D:\SAMBAR\BIN\ntserver.exe
3064 Bersirc -> 4298 UDP C:\Program Files\Bersirc\Bersirc.exe
1372 ntserver -> 4327 UDP D:\SAMBAR\BIN\ntserver.exe
1284 mysqld-nt -> 4328 UDP C:\mysql\bin\mysqld-nt.exe
0 System -> 14113 UDP
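An added example, not part of the original posts: a small parser for the FPort listing format shown above that reports which process, if any, owns a given port, and which sockets FPort could not tie to an executable. The sample rows are an excerpt of the listing in this post; the function names are this example's own.

```python
import re
from collections import defaultdict

# FPort row: "<pid> <process> -> <port> <proto> [path]"; System rows have no path.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)(?:\s+(.*\S))?\s*$")

# Excerpt of the listing posted above (a few rows only).
SAMPLE = r"""
FPort v2.0 - TCP/IP Process to Port Mapper
Pid Process Port Proto Path
1372 ntserver -> 21 TCP D:\SAMBAR\BIN\ntserver.exe
1372 ntserver -> 80 TCP D:\SAMBAR\BIN\ntserver.exe
4 System -> 139 TCP
0 System -> 1653 TCP
1284 mysqld-nt -> 3306 TCP C:\mysql\bin\mysqld-nt.exe
4 System -> 137 UDP
1284 mysqld-nt -> 1137 UDP C:\mysql\bin\mysqld-nt.exe
"""

def parse_fport(text):
    """Turn FPort output into a list of dicts, skipping banner/header lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            pid, proc, port, proto, path = m.groups()
            rows.append({"pid": int(pid), "process": proc, "port": int(port),
                         "proto": proto, "path": path or ""})
    return rows

def owners(rows, port):
    """Return {proto: [(pid, process), ...]} for sockets bound to `port`."""
    found = defaultdict(list)
    for r in rows:
        if r["port"] == port:
            found[r["proto"]].append((r["pid"], r["process"]))
    return dict(found)

def unattributed(rows):
    """Sockets FPort listed without an executable path (worth a second look)."""
    return sorted({(r["port"], r["proto"]) for r in rows if not r["path"]})

if __name__ == "__main__":
    rows = parse_fport(SAMPLE)
    hit = owners(rows, 4662)
    print("4662 owners:", hit or "none (nothing local is bound to the port)")
    print("no path recorded:", unattributed(rows))
```

An empty result for 4662 means nothing local is bound to the port, so the inbound connection attempts are unsolicited traffic that the host firewall drops on arrival.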
-
February 12th, 2003, 05:29 PM
#7
Go to www.sysinternals.com and download process explorer. This will solve the mystery for you.
Hope this helps!
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
February 12th, 2003, 05:44 PM
#8
Junior Member
Well, it's still the same, no eMule open, only normal Win XP stuff
IMO it's just computers that log people who use eMule (donkey)
and then scan the user's IP to try getting a list of shared files
Maybe I'm wrong?
"I hold you so that you will be whole."
"I'm not whole. Does that mean that you
won't hold me anymore?"
-
February 12th, 2003, 06:45 PM
#9
You can't stop internet traffic to any port locally, not even with a client-side firewall, software or hardware, you have to use a server-side firewall, which is nothing you can do on your own. I would suggest calling your ISP and complaining.
:q :q! :wq :w :w! :wq! :quit :quit! :help help helpquit quit quithelp :quitplease :quitnow :leave :**** ^X^C ^C ^D ^Z ^Q QUITDAMMIT ^[:wq GCS,M);d@;p;c++;l++;u ++ ;e+ ;m++(---) ;s+/+ ;n- ;h* ;f+(--) ;!g ;w+(-) ;t- ;r+(-) ;y+(**)
-
February 12th, 2003, 11:59 PM
#10
Isn't the port 4662 used by the first version of the MySQL worm which seriously slowed down the Internet 3-4 weeks ago?
After re-reading an article about it, I guess it must be it.
As it is not an outbound connection but a scan, you can't block it more efficiently than with your firewall if we except contacting the user(s) who is(are) infected and who scan(s) you.
Life is boring. Play NetHack... --more--