I need to detect PCAnywhere users on my network

  • 1
  • Question
  • Updated 7 years ago
  • Answered
The recent vulnerabilities in PCAnywhere mean that I need to ensure that all systems on my network with it installed are patched. How can I use the LANGuardian to report on these users?
Photo of VirtualMe

VirtualMe

  • 9 Posts
  • 1 Reply Like

Posted 7 years ago

  • 1
Photo of Michael Finn

Michael Finn

  • 35 Posts
  • 5 Reply Likes
The quickest way to monitor for PCAnywhere activity is the run a
Traffic Distribution Report with IP protocol field set to TCP and
enter 65301,5631 in the Destination Port field. This will monitor for
activity on the Data ports associated with PCAnywhere.

A second report to run would be a Traffic Distribution Report with IP
protocol field set to UDP and enter 22,5632 in the Destination Port
field. This will monitor for activity on the status fields assocaited
with PCAnywhere.

Both of these reports should be saved as Custom reports which could then be added to one of your dashboards

For more details on the network ports used by PCAnywhere see http://service1.symantec.com/support/...

It would also be advisable to monitor for any netscanning activity on these ports to check if any internal or external hosts are attempting to exploit this vunerability. To do this access a Netscan :: by Source report and enter 65301,5631,22,6532 in the Port field. After running the report save as a custom report.

These 2 actions will allow you detect PCAnywhere activity on your network and will also allow detect any hosts attempting to detect possibily vunerable systems on your network.