-
June 25th, 2004, 03:44 PM
#1
port identification resources
I'm trying to find information about a TCP port (17967), but I couldn't find any.
I've tried:
Google
Iana.org
Antivirus software web sites
insecure
AO
I would like to receive some ideas where I can look for this kind of information.
I want to find:
what software/service uses that port
which O.S. families it can appear on
Thanks in advance
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
June 25th, 2004, 03:57 PM
#2
Member
The only thing I could find in that range was the Kuang2 virus. Some sites list it as port 17000 and some 17300.
Also found this on sarc:
http://securityresponse.symantec.com...or.dister.html
Uses 17002-17510
Might be a variant?
I'll look some more.
*Edit*
http://www.dshield.org/sourceportday...967&day=732122
3 IPs scanning today on that port...still no indication of what it might be. This showing up in your logs?
Tachyon
|-----|Alcohol is my anti-drug |-----|
-
June 25th, 2004, 04:26 PM
#3
You could download fport
http://www.foundstone.com/index.htm?...s/overview.htm
When the page comes up, just scroll down to free tools and click on that, then look for fport.
fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.
-
June 25th, 2004, 04:29 PM
#4
-
June 25th, 2004, 04:34 PM
#5
Here is more information about why I need it.
We are receiving random scans to that port.
Not heavily, but it is unusual.
They come from a lot of hosts, so it appears the scan controls a lot of zombies.
Nothing here is using that port and the firewall is defeating all attacks.
But why that port?
I can't find a trojan (except the one Tachyon posted) that fits with this port. But Disk Master (relay SMTP) doesn't appear to use that one, besides it appears to be configured to do so.
Scans are directed to this port (only this one), so it appears that it is a standard port configuration...
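An added example, not part of any post in this thread: one way to check firewall drop logs for the pattern described in post #5, where many source hosts each probe a single port and nothing else. The log format, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample drop log (made-up format, documentation-range addresses).
SAMPLE_LOG = """\
2004-06-25T15:01:02 DROP TCP src=198.51.100.7 dst=192.0.2.10 dpt=17967
2004-06-25T15:03:40 DROP TCP src=198.51.100.23 dst=192.0.2.10 dpt=17967
2004-06-25T15:04:11 DROP TCP src=203.0.113.50 dst=192.0.2.10 dpt=21
2004-06-25T15:04:11 DROP TCP src=203.0.113.50 dst=192.0.2.10 dpt=22
2004-06-25T15:04:12 DROP TCP src=203.0.113.50 dst=192.0.2.10 dpt=23
2004-06-25T15:09:57 DROP TCP src=203.0.113.5 dst=192.0.2.11 dpt=17967
2004-06-25T15:12:30 DROP TCP src=198.51.100.7 dst=192.0.2.11 dpt=17967
2004-06-25T15:20:05 DROP TCP src=203.0.113.77 dst=192.0.2.10 dpt=17967
"""

LINE_RE = re.compile(r"DROP TCP src=(?P<src>\S+) dst=\S+ dpt=(?P<dpt>\d+)")


def summarize(log_text):
    """Return {port: (distinct_sources, sources_that_probed_only_this_port)}."""
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:  # lines that do not match the format are skipped
            ports_by_src[m["src"]].add(int(m["dpt"]))
    srcs_by_port = defaultdict(set)
    for src, ports in ports_by_src.items():
        for port in ports:
            srcs_by_port[port].add(src)
    return {
        port: (len(srcs), sum(1 for s in srcs if ports_by_src[s] == {port}))
        for port, srcs in srcs_by_port.items()
    }


def distributed_single_port(log_text, min_sources=3, min_ratio=0.8):
    """Ports hit by many hosts, most of which touched no other port."""
    return sorted(
        port
        for port, (total, only) in summarize(log_text).items()
        if total >= min_sources and only / total >= min_ratio
    )


if __name__ == "__main__":
    for port, (total, only) in sorted(summarize(SAMPLE_LOG).items()):
        print(f"port {port}: {total} sources, {only} single-port")
    print("distributed single-port probing:", distributed_single_port(SAMPLE_LOG))
```

A single host walking several ports (the 203.0.113.50 lines) is not flagged; only the port that many unrelated sources target exclusively is.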