Security Incidents mailing list archives
Re: PC Anywhere client seems to probe class C of connected networks
From: sellermann () RSTRAT COM (Steve Ellermann)
Date: Wed, 26 Jan 2000 12:30:15 -0700
A new rash of abuse desk inquiries have to do with PC Anywhere probes on port 5632 and ssh port 22 from clients within the same class C as the computers reporting the probing. This happens on our dynamic dialup pools as well as netblocks we allocate subnets and dialup statics.
Does anyone have any experience with this software? Is is on by default? Can the probing be turned off altogether or on a per-interface basis? Any abuse desks with many new reports of this over the last few weeks?
Your question is a little unclear to me, however the information below should help. PC Anywhere Characteristics: Protocol: UDP & TCP Ports: 22/UDP, 5632/UDP, 5631/TCP, 65301/TCP To scan an entire c class in 'Remote Control' mode, the IP settings are set to xxx.xxx.xxx.255 instead of a single address. This setting needs to be setup by the user. This will present the user with a list of workstations in that c class that have the application running in host mode. Side note: The program might have been setup in stealth mode and to start the program in host mode when the workstation is booted. To remove stealth mode: using regedit: \HKEY_LOCAL_MACHINE\Software\Symantic\pcANYWHERE\CurrentVersion\host\ Look for the DWORD 'ServiceStealthMode' To turn stealth mode off, change the value from '1' to '0' Steve Ellermann Resource Strategies - The Intelligent Use of Technology http://www.rstrat.com
Current thread:
- Re: I was scaned, (continued)
- Re: I was scaned Jose Nazario (Jan 23)
- Re: I was scaned Gene Harris (Jan 23)
- Re: I was scaned Keith Owens (Jan 24)
- Got scaned again C. (Jan 24)
- ? C. (Jan 24)
- Re: ? Mike Tancsa (Jan 24)
- Re: ? Brock Sides (Jan 24)
- Re: unapproved AXFR Russell Fulton (Jan 24)
- No Idea CN (Jan 25)
- PC Anywhere client seems to probe class C of connected networks Troy Ablan (Jan 25)
- Re: PC Anywhere client seems to probe class C of connected networks Steve Ellermann (Jan 26)
- Re: PC Anywhere client seems to probe class C of connected networks Paul L Schmehl (Jan 26)
- Re: PC Anywhere client seems to probe class C of connected networks Jose Nazario (Jan 26)
- Anti-Death Penalty Robert Graham (Jan 26)
- Re: Anti-Death Penalty Derek Moeller (Jan 28)
- Re: Anti-Death Penalty Robert Graham (Jan 28)
- BOGUS.IvCD File Jonathan A. Zdziarski (Jan 26)
- Re: BOGUS.IvCD File Vanja Hrustic (Jan 27)
- Re: PC Anywhere client seems to probe class C of connected networks Robert Graham (Jan 26)
- Probes to tcp 2766 ('System V Listner') Russell Fulton (Jan 26)
- Re: No Idea Paul L Schmehl (Jan 25)