Through some discussions I have had with several people, I have a concern
about NAV 7.5 server/client setup. I wanted other expert opinions on this
issue. I am including some text from an email with a Symantec Engineer. My
questions/comments are in [brackets].
>When NSCTOP starts, it initiates a quick discovery, which is
>essentially a broadcast ping to the entire subnet. It asks
>that any application listening on port 38293 please respond
>with a pong packet. Any computers running PDS will respond to
>the ping with a pong packet.
[Can this be used in a type of smurf amplification attack??? Especially
taken with the next comment?]
>Intense Discovery. Walks the Network Neighborhood, attempting
>to ping all computers it finds.
[And lastly we have a built-in Network scanner??]:
>Scan Network tab. The scan network feature of the "Find
>Computer" dialog allows you to scan a range of IP Addresses,
>or IP subnets in order to find computers. Using the IP address
>scan, you enter a range of IP addresses, which the dialog will
>then loop through. The dialog requests the discovery service
>to ping each address, and brings in any servers it finds.
>Using the IP subnet scan, you can send broadcast packets to
>specific subnets. This scan can circumvent routers that stop
>normal broadcast packets.
------------
Am I missing something here or am I being way too paranoid about this
application? Does anybody use server/client setup in their organization
that can send me comments about this traffic and how it affects their
bandwidth? Has anybody tried to use this as a smurf amplification tool?
Beth Young
MOREnet Security
1.800.509.6673
http://www.more.net/
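
Added example, not part of the original post or of any Symantec code: one way to measure from captured packet summaries how many hosts answer each broadcast ping to port 38293, and whether the ping's source address lies outside the subnet it was broadcast to. The record layout, the 2-second reply window and all sample addresses are constructed assumptions; the quoted text does not state the transport protocol or reply ports, so replies are matched by address and timing only.

```python
import ipaddress
from collections import namedtuple

PDS_PORT = 38293   # discovery port named in the quoted Symantec text
WINDOW = 2.0       # assumption: seconds after a ping in which replies are counted

# Assumed record layout: timestamp, source, destination, destination port, bytes
Pkt = namedtuple("Pkt", "ts src dst dport size")

def discovery_amplification(packets, subnet, window=WINDOW):
    """Return one summary dict per broadcast ping to PDS_PORT seen on `subnet`."""
    net = ipaddress.ip_network(subnet)
    bcast = str(net.broadcast_address)
    results = []
    for ping in packets:
        if ping.dst != bcast or ping.dport != PDS_PORT:
            continue
        # Replies: traffic from hosts inside the subnet to the ping's source
        # address (which the receivers cannot verify) shortly after the ping.
        replies = [p for p in packets
                   if p.dst == ping.src
                   and ipaddress.ip_address(p.src) in net
                   and 0 <= p.ts - ping.ts <= window]
        results.append({
            "source": ping.src,
            "responders": len({p.src for p in replies}),
            "byte_ratio": sum(p.size for p in replies) / ping.size,
            # A ping whose source is outside the subnet arrived through a router.
            "off_subnet": ipaddress.ip_address(ping.src) not in net,
        })
    return results

# Constructed sample: one local discovery, one directed broadcast from outside.
SAMPLE = [
    Pkt(0.00, "192.0.2.10", "192.0.2.255", PDS_PORT, 60),
    Pkt(0.01, "192.0.2.21", "192.0.2.10", 1025, 90),
    Pkt(0.02, "192.0.2.22", "192.0.2.10", 1025, 90),
    Pkt(5.00, "198.51.100.7", "192.0.2.255", PDS_PORT, 60),
    Pkt(5.01, "192.0.2.21", "198.51.100.7", 1025, 90),
    Pkt(5.02, "192.0.2.22", "198.51.100.7", 1025, 90),
    Pkt(5.03, "192.0.2.23", "198.51.100.7", 1025, 90),
    Pkt(9.00, "192.0.2.21", "192.0.2.10", 1025, 90),  # outside the reply window
]

if __name__ == "__main__":
    for row in discovery_amplification(SAMPLE, "192.0.2.0/24"):
        print(row)
```

A high responder count or byte ratio for a ping flagged `off_subnet` is the case worth alerting on, since it means subnet broadcasts to this port are being forwarded by a router.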