Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PC Anywhere client seems to probe class C of connected networks

From: pauls () UTDALLAS EDU (Paul L Schmehl)
Date: Wed, 26 Jan 2000 14:09:58 -0600

Unfortunately, PC Anywhere assumes it's on a Windoze network, and it goes
out looking for connections on every host it can find.  The port numbers
you cite are the two ports it uses for its connections.

I get these all the time in my firewall logs at home.

--On 1/25/00, 5:06 PM -0500 Troy Ablan <chaser () SHORE NET> wrote:


A new rash of abuse desk inquiries have to do with PC Anywhere probes on
port 5632 and ssh port 22 from clients within the same class C as the
computers reporting the probing.  This happens on our dynamic dialup pools
as well as netblocks we allocate subnets and dialup statics.

Does anyone have any experience with this software?  Is is on by default?
Can the probing be turned off altogether or on a per-interface basis?
Any abuse desks with many new reports of this over the last few weeks?

--
Troy Ablan   chaser () shore net         M-F 11p-7a
             Shore.Net     Systems Administrator
             support () shore net      781-593-3110


Paul L. Schmehl, pauls () utdallas edu
Technical Support Services Manager
The University of Texas at Dallas
Previous By Date Next
Previous By Thread Next

Current thread: