Threat Level: green Handler on Duty: Basil Alawi S.Taher

SANS ISC: TCP/UDP Port Activity - SANS Internet Storm Center



Port Information
Protocol: tcp
Service: dameware
Name: Dameware Remote Admin
User Comments
Submitted By Date
Comment
Nick FitzGerald 2005-09-13 02:06:58
Spike 31 Aug thru early September 2005 probably due to remotely exploitable login username buffer overflow in DameWare Mini Remote Control Client Agent Service (dwrcs.exe): http://www.frsirt.com/english/advisories/2005/1596 Reported to affect 4.0 thru, but not including, 4.9.0. Various versions of this agent are often surreptitiously installed by malware as a backdoor, so random scanning may turn up more installations than might otherwise be expected.
ChrisA 2004-04-28 00:21:35
There is at least one known buffer overflow vulnerability in versions prior to 3.73. This vulnerability may permit an unauthenticated attacker to execute code on your system.
Jerry Davis 2004-01-03 07:35:13
I have also seen quite a few successful entries via this port from dameware mini r/c. It also seems to be connected to slim FTP that shows up at the same time of infection.
Andreas 2003-12-22 23:18:25
Probably related to http://www.securiteam.com/windowsntfocus/6N00B1P95I.html and/or http://www.k-otik.com/exploits/08.13.nfm-shatterdame.c.php. I've seen multiple successful intrusions via this service today.
Davis Ray Sickmon, Jr 2003-12-22 07:41:30
Normally associated with DameWare and DameWare mini-RC, a remote control agent.