[14810] in bugtraq
Re: Denial of Service Against pcAnywhere.
daemon@ATHENA.MIT.EDU (Patrick Turcotte)
Sat May 6 17:24:29 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-Id: <4.2.0.58.20000503111828.00b5de80@127.0.0.1>
Date: Wed, 3 May 2000 17:42:28 -0400
Reply-To: Patrick Turcotte <six@MINDLESS.COM>
From: Patrick Turcotte <six@MINDLESS.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.3.96.1000425150157.13567A-100000@sword.damocles.com>

Greetings

Following vacuum's post... I did some testing, since colleagues of mine
have pcAnywhere running in a production environment (yes, I *am* ashamed of
reporting NT stuff ;-) ):

nmap v2.51 installed on Solaris 7 host, on the same LAN as the host, as the
scanning platform

network environment: switched 100 Mbps LAN

NT 4.0 Workstation SP1 host, pcAnywhere 9.0.0 build 133, Win98 SE client,
pcAnywhere 9.0.0 build 133: nmap -sT -sU, nmap -sS and nmap -sT all cause
pcAnywhere host app to stop answering to connection requests

NT 4.0 Workstation SP5 host, pcAnywhere 9.0.0 build 133, Win98 SE client,
pcAnywhere 9.0.0 build 133: nmap -sT causes pcAnywhere host app to stop
answering to connection requests

NT 4.0 Workstation SP5 host, pcAnywhere 9.2.0 build 239, Win98 SE client,
pcAnywhere 9.2.0 build 239: nmap -sT causes pcAnywhere host app to stop
answering to connection requests

All tests were done both in unencrypted mode and with pcAnywhere
encryption, with no difference in the results. A simple cancelling and
restarting of the pcAnywhere host service fixed the crash, but this kind of
defeats the purpose of remote administration, doesn't it? And yes, where
vacuum needed a SYN scan, a simple TCP scan was necessary here, for obscure
reasons. Some tests were also done with other portscanners, but didn't
produce the same effect; if there is some interest out there, I'll explore
this avenue further.

The information was forwarded to Symantec's tech support.

Salutations, and long live Bugtraq.

Six

At 04:40 PM 25/04/00 -0500, vacuum wrote:
>While performing a routine network audit, a TCP SYN scan caused
>every pcAnywhere Host service on the network to stop responding.
_______________________________________________________
Patrick Turcotte This is who we are.
six@mindless.com