Re: norton AV host discovery scan

From: FatFinger (fatfingerat_private)
Date: Sat Dec 08 2001 - 07:52:50 PST


    Ian,
    
    This port relates to Intel Ping Discovery Service (Intel PDS). It is used by
    NAV to scan the network and find NAV Servers/Clients.
    
    When the NAV Server "pings" the network, it tries to ping port 38293 to find
    NAV Servers. These NAV Servers have a list of clients that they manage. So,
    Symantec System Center (console) can show you all your NAV Domain.
    
    Your server will always receive connections from other NAV Servers because,
    every 60 minutes (by default), there's polling coming from NAV Clients
    (rtvscan.exe) trying to connect to 38293 to pull definitions and
    configurations.
    
    To date, I haven't heard of any vulns in this service.
    
    Hope it helps
    
    
    ----- Original Message -----
    From: "Ian Melven" <imelvenat_private>
    To: <incidentsat_private>
    Sent: Thursday, December 06, 2001 1:45 PM
    Subject: norton AV host discovery scan
    
    
    >
    > hi everyone
    >
    > i was wondering if anyone else has been seeing scans of
    > 38293/udp recently ?
    >
    > they seem to be coming from the same source.. and repeat
    > 1-3 times per day.
    >
    > snort.org's ports db tells me this is Norton AV host discovery ?
    >
    > i dug around briefly but couldn't find any published holes in this.
    >
    > i suspect someone may be misconfigured.
    >
    > thanks
    > ian
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >
    
    
    



    This archive was generated by hypermail 2b30 : Sat Dec 08 2001 - 22:45:10 PST
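
One way to triage the traffic discussed in this thread, as an added example that is not part of the original messages: it counts 38293/udp hits per source and day from firewall log lines and separates sources that fall outside the managed NAV address range. The log format, all addresses and the MANAGED_NETS range are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

PDS_PORT = 38293  # Intel PDS / NAV discovery port named in the thread
# Assumption: address ranges where managed NAV servers and clients live.
MANAGED_NETS = [ipaddress.ip_network("10.1.0.0/16")]

# Constructed sample log lines: "timestamp src dst proto dport"
SAMPLE_LOG = """\
2001-12-05T02:10:00 10.1.4.20 10.1.0.5 udp 38293
2001-12-05T03:10:00 10.1.4.20 10.1.0.5 udp 38293
2001-12-05T09:41:12 192.0.2.77 10.1.0.5 udp 38293
2001-12-05T17:03:55 192.0.2.77 10.1.0.5 udp 38293
2001-12-06T08:15:30 192.0.2.77 10.1.0.5 udp 38293
2001-12-06T08:16:02 192.0.2.77 10.1.0.5 tcp 21
malformed line
"""

def is_managed(addr):
    """True when addr belongs to one of the managed NAV ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in MANAGED_NETS)

def summarize(log_text):
    """Return {src: {"managed": bool, "per_day": {date: count}}} for 38293/udp."""
    result = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        ts, src, _dst, proto, dport = parts
        if proto != "udp" or dport != str(PDS_PORT):
            continue
        try:
            day = datetime.fromisoformat(ts).date().isoformat()
            managed = is_managed(src)
        except ValueError:
            continue  # bad timestamp or address
        entry = result.setdefault(
            src, {"managed": managed, "per_day": defaultdict(int)})
        entry["per_day"][day] += 1
    return result

def unmanaged_sources(summary):
    """Sources hitting the PDS port that are not known NAV hosts."""
    return sorted(s for s, e in summary.items() if not e["managed"])

if __name__ == "__main__":
    for src, e in sorted(summarize(SAMPLE_LOG).items()):
        print(src, "managed" if e["managed"] else "UNMANAGED", dict(e["per_day"]))
```
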