Security Incidents mailing list archives
Re: Connections to Port 5632
From: Doug Winter <dwinter () BUSINESSEUROPE COM>
Date: Fri, 4 Aug 2000 17:57:48 +0100
pauls () utdallas edu wrote:

> You should have also seen an equal number of connection attempts to port 22/UDP.

Nope - no connections to 22/UDP at all.

> PC Anywhere is a very "dumb" software that assumes it's on a Windows network. It broadcasts aimlessly looking for any clients/servers it can converse with. If you have a copy of PC Anywhere, you can connect to that IP, and if the individual isn't smart enough to have password protected his/her copy, you'll be able to take control of their machine. (The default is no password.)

There aren't any windoze machines on that subnet at all - it's all UNIX. And we didn't see these connections on other machines on that subnet, so it looks like it was targeted at that machine in particular. Most odd.

Cheers,
Doug Winter
Chief Technology Officer
T: +44 (0)20 7961 0341
M: +44 (0)7879 423 002
E: dwinter () businesseurope com
3 Waterhouse Square, Holborn Bars, 142 Holborn, London EC1N 2NX
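
Added example, not part of the original post or thread: a triage sketch for the two signals discussed above, namely whether a source that probed port 5632 also sent to 22/UDP, and whether it touched many hosts or only one. The log line format, the addresses, the `min_hosts` threshold and the verdict labels are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log; the line format and all addresses are assumptions.
SAMPLE_LOG = """\
Aug  4 10:01:02 fw DROP proto=UDP src=198.51.100.7 dst=192.0.2.10 dport=5632
Aug  4 10:01:02 fw DROP proto=UDP src=198.51.100.7 dst=192.0.2.10 dport=22
Aug  4 10:01:03 fw DROP proto=UDP src=198.51.100.7 dst=192.0.2.11 dport=5632
Aug  4 10:01:03 fw DROP proto=UDP src=198.51.100.7 dst=192.0.2.12 dport=5632
Aug  4 11:15:40 fw DROP proto=UDP src=203.0.113.9 dst=192.0.2.20 dport=5632
Aug  4 11:15:45 fw DROP proto=UDP src=203.0.113.9 dst=192.0.2.20 dport=5632
Aug  4 12:30:00 fw DROP proto=UDP src=203.0.113.50 dst=192.0.2.10 dport=5632
Aug  4 12:30:01 fw DROP proto=UDP src=203.0.113.50 dst=192.0.2.11 dport=5632
Aug  4 13:00:00 fw DROP proto=TCP src=203.0.113.77 dst=192.0.2.10 dport=22
"""

LINE_RE = re.compile(
    r"proto=(?P<proto>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)

def classify_sources(log_text, min_hosts=3):
    """Label each source that probed port 5632 as 'sweep', 'single-host' or 'inconclusive'."""
    hosts_5632 = defaultdict(set)   # source -> destinations probed on 5632
    udp22 = set()                   # sources that also sent to 22/UDP
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                # skip lines that are not in the assumed format
        port = int(m["dport"])
        if port == 5632:
            hosts_5632[m["src"]].add(m["dst"])
        elif port == 22 and m["proto"].upper() == "UDP":
            udp22.add(m["src"])
    verdicts = {}
    for src, hosts in hosts_5632.items():
        if src in udp22 and len(hosts) >= min_hosts:
            verdicts[src] = "sweep"          # many hosts plus 22/UDP, as the quoted reply describes
        elif len(hosts) == 1 and src not in udp22:
            verdicts[src] = "single-host"    # one host, no 22/UDP, as Doug reports
        else:
            verdicts[src] = "inconclusive"
    return verdicts

if __name__ == "__main__":
    for source, verdict in classify_sources(SAMPLE_LOG).items():
        print(source, verdict)
```
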