Security Incidents mailing list archives
Re: PC Anywhere client seems to probe class C of connected networks
From: bugtraq () NETWORKICE COM (Robert Graham)
Date: Wed, 26 Jan 2000 15:24:58 -0800
This is very common. The default PCanywhere product scans its local Class C address range. Therefore, it happens alot whenever many people share a common Class C block. The following URL from our company has a lot of details on this issue, including an animation as to what the user scanning you is seeing on his/her computer, and a couple of hints as to what that user could do to stop his/her computer from doing so. http://advice.networkice.com/advice/intrusions/2001507/ This is a help page from our personal intrusion detection product (BlackICE Defender). We try to word this in a way to reduce the load on abuse@ support desks. A summary of this is also mentioned in my FAQ of the most common types of incidents you'll see against your firewall may also be helpful. http://www.robertgraham.com/pubs/firewall-seen.html#port5632 Rob. -----Original Message----- From: Incidents Mailing List [mailto:INCIDENTS () securityfocus com]On Behalf Of Troy Ablan Sent: Tuesday, January 25, 2000 2:07 PM To: INCIDENTS () securityfocus com Subject: PC Anywhere client seems to probe class C of connected networks A new rash of abuse desk inquiries have to do with PC Anywhere probes on port 5632 and ssh port 22 from clients within the same class C as the computers reporting the probing. This happens on our dynamic dialup pools as well as netblocks we allocate subnets and dialup statics. Does anyone have any experience with this software? Is is on by default? Can the probing be turned off altogether or on a per-interface basis? Any abuse desks with many new reports of this over the last few weeks? -- Troy Ablan chaser () shore net M-F 11p-7a Shore.Net Systems Administrator support () shore net 781-593-3110
Current thread:
- No Idea, (continued)
- No Idea CN (Jan 25)
- PC Anywhere client seems to probe class C of connected networks Troy Ablan (Jan 25)
- Re: PC Anywhere client seems to probe class C of connected networks Steve Ellermann (Jan 26)
- Re: PC Anywhere client seems to probe class C of connected networks Paul L Schmehl (Jan 26)
- Re: PC Anywhere client seems to probe class C of connected networks Jose Nazario (Jan 26)
- Anti-Death Penalty Robert Graham (Jan 26)
- Re: Anti-Death Penalty Derek Moeller (Jan 28)
- Re: Anti-Death Penalty Robert Graham (Jan 28)
- BOGUS.IvCD File Jonathan A. Zdziarski (Jan 26)
- Re: BOGUS.IvCD File Vanja Hrustic (Jan 27)
- Re: PC Anywhere client seems to probe class C of connected networks Robert Graham (Jan 26)
- Probes to tcp 2766 ('System V Listner') Russell Fulton (Jan 26)
- Re: No Idea Paul L Schmehl (Jan 25)
- Re: No Idea Robert Graham (Jan 25)
- Possible Probe = Possible Malfunction Ron Gula (Jan 25)
- Possible attemt at hacking? Geir A. Bjune (Jan 25)
- Re: Possible attemt at hacking? Brendan Grieve (Jan 27)
- Re: ? Adam Boileau (Jan 25)
- Korea (was RE: ?) Fernando Cardoso (Jan 26)
- Strange DNS/TCP activity Pavel Kankovsky (Jan 26)
- Re: Strange DNS/TCP activity Asmodeus (Jan 27)