Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: TCP/UDP Port Activity - SANS Internet Storm Center TCP/UDP Port Activity

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
[show ascii data]


Port Information
Protocol Service Name
tcp dameware Dameware Remote Admin
[get complete service list]
User Comments
Submitted By Date
Nick FitzGerald 2005-09-13 02:06:58
Spike 31 Aug thru early September 2005 probably due to remotely exploitable login username buffer overflow in DameWare Mini Remote Control Client Agent Service (dwrcs.exe): Reported to affect 4.0 thru, but not including, 4.9.0. Various versions of this agent are often surreptitiously installed by malware as a backdoor, so random scanning may turn up more installations than might otherwise be expected.
ChrisA 2004-04-28 00:21:35
There is at least one known buffer overflow vulnerablity in versions prior to 3.73. This vulnerablity may permit an unauthenticated attacker from executing code on your system.
Jerry Davis 2004-01-03 07:35:13
I have also seen quite a few successful entries via this port from dameware mini r/c. It also seems to be connected to slim FTP that shows up at the same time of infection.
Andreas 2003-12-22 23:18:25
Probably related to and/or I've seen multiple successful intrusions via this service today.
Davis Ray Sickmon, Jr 2003-12-22 07:41:30
Normally associated with DameWare and DameWare mini-RC, a remote control agent.
Add a comment
CVE Links
CVE # Description