Windows Server - What is Port 31665?

Asked By Brandon
13-Aug-07 11:25 AM
After a series of many failed login attempts on our server using various
seem to find out what this port is . . . or does it matter?  I'm just trying
to figure out if this should be a concern.

--
Brandon
Windows Server SBS Discussions
 
Windows
(1)
Handshake
(1)
Offchance
(1)
Smtp
(1)
Ano
(1)
  simon replied...
13-Aug-07 11:54 AM
Hi,
Thats a high port number, normally what happens in a tcp handshake is
that the remote party connects to the remote host on the port number
assigned to the program, eg 23 for telnet, 25 for smtp etc, in doing
this it selects its own local high port to use (above 1023) are you sure
you are reading the logs correctly ? Also where are you seeing these
errors logged.
simon
  Brandon replied...
13-Aug-07 12:13 PM
In the security event log is where I'm finding the failed logins using
still trying to determine if I'm reading the success logins (immediately
following the failed logins) correctly.

--
Brandon
  Joe replied...
13-Aug-07 04:18 PM
Always be concerned unless you know otherwise.

A high port like this would normally be used for listening by a
process which doesn't have admin privileges, i.e. not a normal
Windows service. Various games and malware tend to listen on
ports this high.

Try netstat -an at a command prompt, which ought to show you what
is listening on the port. Also try to telnet to it, on the offchance
it might return a helpful banner, or at least confirm something
really is listening there.
  Matthew X. Economou replied...
14-Aug-07 05:18 PM
Brandon> After a series of many failed login attempts on our
Brandon> server using various "high" port numbers, I find a
Brandon> successful login on port 31665, but I can't seem to find
Brandon> out what this port is . . . or does it matter?  I'm just
Brandon> trying to figure out if this should be a concern.

Can you determine the source of these failed login attempts from the
log messages?  This may be an indication of a compromised computer or
a malicious (trusted) user on your internal network.  It's worth
further investigation.

To determine which process is listening on that service port, you can
use the "-b" option to NETSTAT.EXE.

It's strange that your log messages do not include the name of the
application or service that's generating the log entries.

Best wishes,
Matthew

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
  Iako replied...
14-Aug-07 06:48 PM
What is presently listening on port 31665?  Type this command line:
netstat -ano | find "31665"
If there are no results,  then nothing is listening on that port.


Is 31665 a known port?  Look here:
http://www.portforward.com/cports.htm
Previous Discussion:  Loosing fax service after reboot
Create New Account
help
Windows Server sbs2008 dns issue Hi, I just installed SBS2008 and love it but I have outside access, are you using http: / / OR = https: / / ? - - = 20 Cris Hanna [SBS - MVP] Co-Contributor, Windows Small Business Server 2008 Unleashed http: / / www.amazon.com / Windows-Small-Business-Server-Unleashed / dp / 06723295 = 73 / ref = 3Dpd_bbs_sr_1?ie = 3DUTF8&s = 3Dbooks&qid = 3D1217269967 DIV> Business = 20 Server 2008 Unleashed<BR> <A = 20 href = 3D"http: / / www.amazon.com / Windows-Small-Business-Server-Unleashed / dp / = 0672329573 / ref = 3Dpd_bbs_sr_1?ie = 3DUTF8&s = 3Dbooks&qid = 3D1217269967 = &sr = 3D8-1"> http: / / www.amazon.com / Windows-Small-Business-Server-Unleas = hed / dp / 0672329573 / ref = 3Dpd_bbs_sr_1?ie = 3DUTF8&s = 3Dbooks&qid = 3D121 outside access, are you using http: / / OR = https: / / ? - - = 20 Cris Hanna [SBS - MVP] Co-Contributor, Windows Small Business Server 2008 Unleashed = http: / / www.amazon.com / Windows-Small-Business-Server-Unleashed / dp / 06723295 = 73 / ref = 3Dpd_bbs_sr_1?ie = 3DUTF8&s = 3Dbooks&qid = 3D1217269967 Small = 20 Business Server 2008 Unleashed<BR> <A = 20 = href = 3D"http: / / www.amazon.com / Windows-Small-Business-Server-Unleashed / dp / = 0672329573 / ref = 3Dpd_bbs_sr_1?ie = 3DUTF8&s = 3Dbooks&qid = 3D1217269967 = &sr
Windows Server Cannot join my W2K8 server to my sBS 2003 R2 domain I'm trying to join a Windows 2008 server to a SBS 2003 R2 domain. The SBS 2003 R2 server is fully here Be sure to identify which is which. - - = 20 Cris Hanna [SBS - MVP] Co-Contributor, Windows Small Business Server 2008 Unleashed http: / / www.amazon.com / Windows-Small-Business-Server-Unleashed / dp / 06723295 = 73 / ref = 3Dpd_bbs_sr_1?ie = 3DUTF8&s = 3Dbooks&qid = 3D1217269967 Microsoft Please do not submit questions directly to me. I'm trying to join a Windows 2008 server to a SBS 2003 R2 domain. The = SBS = 20 2003 R2 server is DIV> Business = 20 Server 2008 Unleashed<BR> <A = 20 href = 3D"http: / / www.amazon.com / Windows-Small-Business-Server-Unleashed / dp / = 0672329573 / ref = 3Dpd_bbs_sr_1?ie = 3DUTF8&s = 3Dbooks&qid = 3D1217269967 = &sr = 3D8-1"> http: / / www.amazon.com / Windows-Small-Business-Server-Unleas = hed / dp / 0672329573 / ref = 3Dpd_bbs_sr_1?ie = 3DUTF8&s = 3Dbooks&qid = 3D121 com"> Birdies@BogusEmail.com< / A> > = wrote in = 20 message <A = 20 = trying to join a Windows 2008 server to a SBS 2003 R2 domain. The SBS = R2 server is fully patched
Windows Server Event ID errors 40961 and 40960 (source = LSASRV) Hi All, I'm desparate and success: -Based on research installed WinXP SP3. -Checked eventvwr and still noticed domain errors; ran windows update again. -Tried to do a ipconfig / registerdns per recommendation of research. -Tried to leave chance this computer has McAfee installed on it? - - = 20 Cris Hanna [SBS - MVP] Co-Author, Windows Small Business Server 2008 Unleashed http: / / www.amazon.com / Windows-Small-Business-Server-Unleashed / dp / 06723295 = 73 / ref = 3Dpd_bbs_sr_1?ie = 3DUTF8&s = 3Dbooks&qid = 3D1217269967 success: -Based on research installed WinXP SP3. -Checked eventvwr and still noticed domain errors; ran windows update = again. -Tried to do a ipconfig / registerdns per recommendation of research. -Tried to leave DIV> Business = 20 Server 2008 Unleashed<BR> <A = 20 href = 3D"http: / / www.amazon.com / Windows-Small-Business-Server-Unleashed / dp / = 0672329573 / ref = 3Dpd_bbs_sr_1?ie = 3DUTF8&s = 3Dbooks&qid = 3D1217269967 = &sr = 3D8-1"> http: / / www.amazon.com / Windows-Small-Business-Server-Unleas = hed / dp / 0672329573 / ref = 3Dpd_bbs_sr_1?ie = 3DUTF8&s = 3Dbooks&qid = 3D121 on research installed WinXP = SP3.<BR> -Checked = 20 eventvwr and still noticed domain errors; ran windows update = again.<BR> -Tried = 20 to do a ipconfig / registerdns per recommendation of = research.<BR
Windows Server Windows Update no longer working 0x80004002 Windows automatic update is no longer working. Since June 10 I get 0x80004002 related errors. Then today I tried to update manually from the windows update site, which brings me in an endless loop. The message after selecting quick update and files are not on the computer, I am asked to correct this, I continue, Windows is downloading and registering the files (tells the webpage), after which I am redirected to force install WUA with WindowsUpdateAgent20-x86.exe / wuforce and after that tried to update from Windows Update website. Again, I am in the same loop: I select quick scan, get the help me out. = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = 2007-06-13 18:39:34 4048 1690 Setup * Inf file: C: \ WINDOWS \ SoftwareDistribution \ WebSetup \ wusetup.inf 2007-06-13 18:39:34 4048 1690 Setup Update required for C: \ WINDOWS \ system32 \ cdm.dll: target version = 5.8.0.2694, required version = 5.8.0.2469