[Snort-sigs] Signature Definition #507, 8 of 20

Esler, Joel Contractor EslerJ at ...785...
Mon Jun 9 05:35:21 EDT 2003

 Rule: -- MISC PCAnywhere Attempted Administrator Login 
 Sid: -- 507
 Summary: -- This string detects an Administrator Login on PCAnywhere Server
Port 5631.
 Impact: -- Severe, if PCAnywhere is installed in your network, it will
bypass security devices.
 Detailed Information: -- PCAnywhere, a remote desktop control tool will
allow remote control over a computer, whether it be inside or outside the
network.  Similar to Terminal Services for Microsoft Servers.
 Affected Systems: -- Any that have the software installed
 Attack Scenarios: -- Dangerous
 Ease of Attack: -- Easy if installed
 False Positives: -- if the word administrator appears in any string with a
destination port of 5631.  Such as on a webpage perhaps.
 False Negatives: -- Unknown
 Corrective Action: -- Find and remove PCAnywhere on internal systems.
 Contributors: -- Joel Esler
 Additional References: www.pcanywhere.com

More information about the Snort-sigs mailing list