I need to detect PCAnywhere users on my network

Edit Subject

The recent vulnerabilities in PCAnywhere mean that I need to ensure that all systems on my network with it installed are patched. How can I use the LANGuardian to report on these users?

1 person has
this question +1

Answered

EMPLOYEE

0

Edit

Delete

Remove

Official

Michael Finn (Official Rep) January 26, 2012 17:53

The quickest way to monitor for PCAnywhere activity is the run a
Traffic Distribution Report with IP protocol field set to TCP and
enter 65301,5631 in the Destination Port field. This will monitor for
activity on the Data ports associated with PCAnywhere.

A second report to run would be a Traffic Distribution Report with IP
protocol field set to UDP and enter 22,5632 in the Destination Port
field. This will monitor for activity on the status fields assocaited
with PCAnywhere.

Both of these reports should be saved as Custom reports which could then be added to one of your dashboards

For more details on the network ports used by PCAnywhere see http://service1.symantec.com/support/...

It would also be advisable to monitor for any netscanning activity on these ports to check if any internal or external hosts are attempting to exploit this vunerability. To do this access a Netscan :: by Source report and enter 65301,5631,22,6532 in the Port field. After running the report save as a custom report.

These 2 actions will allow you detect PCAnywhere activity on your network and will also allow detect any hosts attempting to detect possibily vunerable systems on your network.

Comment

good answer! good answer! (undo)
- Cancel
Edit Your Reply (some HTML allowed)
What's the status of this question?

The quickest way to monitor for PCAnywhere activity is the run a Traffic Distribution Report with IP protocol field set to TCP and enter 65301,5631 in the Destination Port field. This will monitor for activity on the Data ports associated with PCAnywhere. A second report to run would be a Traffic Distribution Report with IP protocol field set to UDP and enter 22,5632 in the Destination Port field. This will monitor for activity on the status fields assocaited with PCAnywhere. Both of these reports should be saved as Custom reports which could then be added to one of your dashboards For more details on the network ports used by PCAnywhere see http://service1.symantec.com/support/pca.nsf/pfdocs/1998122810210812 It would also be advisable to monitor for any netscanning activity on these ports to check if any internal or external hosts are attempting to exploit this vunerability. To do this access a Netscan :: by Source report and enter 65301,5631,22,6532 in the Port field. After running the report save as a custom report. These 2 actions will allow you detect PCAnywhere activity on your network and will also allow detect any hosts attempting to detect possibily vunerable systems on your network.

How does this make you feel? Add Image

I'm
e.g. sad, anxious, confused, frustrated indifferent, undecided, unconcerned kidding, amused, unsure, silly happy, confident, thankful, excited
Cancel

Reply to This Topic (some HTML allowed)
What's the status of this question?

How does this make you feel? Add Image

I'm
e.g. sad, anxious, confused, frustrated indifferent, undecided, unconcerned kidding, amused, unsure, silly happy, confident, thankful, excited

About this Question

Official Representatives

Products & Services

Tagged

I need to detect PCAnywhere users on my network

Edit Subject

About this Question

Official Representatives

Products & Services

Tagged

I need to detect PCAnywhere users on my network Edit Subject

I need to detect PCAnywhere users on my network

Edit Subject