Re: [PEN-TEST] Carbon Copy Question

[Jim Watt <jimw () SJO APPLIEDBIOSYSTEMS COM>]

--On 09/07/2000 11:27 AM -0400 Scott Lupro wrote:

} I am a bit curious about Carbon Copy (CC). We are doing some
} research/pen-testing on how CC communicates. We have noticed that it
} orginally begins on port 1680 but then seems to randomize its port
} number.

I'd be _very_ interested in how CC works.  We collect UDP/1680 attempts
from machines all over our internal WAN, suggesting that something
resembling machine scans for other copies of CC propagate across our
WAN.  That means the traffic isn't broadcast, or it wouldn't propagate.

This is very unnerving.  We've not seen any damage, because the machines
that are collecting the attempts aren't listening for UDP/1680 - they're
logging the attempt.

I've looked for documentation about CC port usage, and haven't
found anything.  What I'd _really_ like to find is some way CC
could be configured to not snoop WANs for other copies of itself.

Jim
--
Jim Watt                               jimw () sjo appliedbiosystems com
Applied Biosystems                     Voice (desk): +1 408 577 2228
Informatics                            Fax:          +1 408 894 9307
3833 North First Street                Voice (main): +1 408 577 2200
San Jose CA 95134-1701
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
What's happening in the Biotech world?  Find out at http://www.biobeat.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-