Security Incidents mailing list archives
Re: norton AV host discovery scan
From: "FatFinger" <fatfinger () uol com br>
Date: Sat, 8 Dec 2001 12:52:50 -0300
Ian, This port relates to Intel Ping Discovery Service (Intel PDS). It is used by NAV to scan the network and find NAV Servers/Clients. When the NAV Server "pings" the network, it tries to ping port 38293 to find NAV Servers. These NAV Servers has a list of clients that it manages. So, Symantec System Center (console) can show you all your NAV Domain. Your server will always receive connections from other NAV Servers because, every 60 minutes (by default), there's a pooling coming from NAV Clients (rtvscan.exe) trying to connect to 38293 to pull definitions and configurations. 'Till the date, I didn't hear any vulns in this service. Hope it helps ----- Original Message ----- From: "Ian Melven" <imelven () xtremesoft com> To: <incidents () securityfocus com> Sent: Thursday, December 06, 2001 1:45 PM Subject: norton AV host discovery scan
hi everyone i was wondering if anyone else has been seeing scans of 38293/udp recently ? they seem to be coming from the same source.. and repeat 1-3 times per day. snort.org's ports db tells me this is Norton AV host discovery ? i dug around briefly but couldn't find any published holes in this. i suspect someone may be misconfigured. thanks ian --------------------------------------------------------------------------
--
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- norton AV host discovery scan Ian Melven (Dec 06)
- Re: norton AV host discovery scan FatFinger (Dec 09)