Security Incidents mailing list archives

Re: Connections to Port 5632


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 4 Aug 2000 13:38:16 -0400

On Fri, 04 Aug 2000 13:41:06 BST, Doug Winter <dwinter () BUSINESSEUROPE COM> said:
> I've done a bit of digging and port 5632 is a pcAnywhere port, so this looks
> like someone running pcAnywhere, or an exploit for it, against this system -
> which is a bit dumb, since it's a UNIX box.

First, check and make sure that it isn't a roaming user of yours trying
to get home - he may have gotten the hostname confused, or his laptop
has an icon labeled 'telnet' or 'connect' even though it REALLY launches
pcAnywhere, or other similar bozo stunts...

Second off, I've seen some *really* dumb PC software out there - I've tried
to close off port 13 and 37 (which offer time services) on the machine
that USED to be our NTP server, but one popular PC package retries the
connection immediately, over and over, even when handed an ICMP Port Unreachable.
So I have to live with 40 packets/sec of 13 and 37 traffic (yes THAT much),
because if I turn it off it jumps to 110/sec.

Blech. ;)

                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech

