Re: [PEN-TEST] Carbon Copy Question
From: Jim Watt <jimw () SJO APPLIEDBIOSYSTEMS COM>
Date: Thu, 7 Sep 2000 11:13:23 -0700
--On 09/07/2000 11:27 AM -0400 Scott Lupro wrote:
} I am a bit curious about Carbon Copy (CC). We are doing some
} research/pen-testing on how CC communicates. We have noticed that it
} originally begins on port 1680 but then seems to randomize its port
I'd be _very_ interested in how CC works. We collect UDP/1680 attempts
from machines all over our internal WAN, suggesting that something
resembling machine scans for other copies of CC propagate across our
WAN. That means the traffic isn't broadcast, or it wouldn't propagate.
This is very unnerving. We've not seen any damage, because the machines
that are collecting the attempts aren't listening for UDP/1680 - they're
logging the attempt.
I've looked for documentation about CC port usage, and haven't
found anything. What I'd _really_ like to find is some way CC
could be configured to not snoop WANs for other copies of itself.
Jim Watt jimw () sjo appliedbiosystems com
Applied Biosystems Voice (desk): +1 408 577 2228
Informatics Fax: +1 408 894 9307
3833 North First Street Voice (main): +1 408 577 2200
San Jose CA 95134-1701
What's happening in the Biotech world? Find out at http://www.biobeat.com
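
An added example, not part of the original message: one way to check the broadcast-versus-unicast reasoning above against logged UDP/1680 attempts. The log format (iptables-style), the subnet list and all addresses are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in an iptables-style LOG format (an assumption;
# adapt the regex to whatever the logging hosts actually emit).
SAMPLE_LOG = """\
Sep  7 10:01:02 hostA kernel: IN=eth0 SRC=10.1.4.20 DST=10.2.8.15 PROTO=UDP SPT=1680 DPT=1680
Sep  7 10:01:03 hostB kernel: IN=eth0 SRC=10.1.4.20 DST=10.3.0.77 PROTO=UDP SPT=1680 DPT=1680
Sep  7 10:01:09 hostC kernel: IN=eth0 SRC=10.2.8.40 DST=10.2.8.255 PROTO=UDP SPT=1680 DPT=1680
Sep  7 10:02:11 hostA kernel: IN=eth0 SRC=10.1.4.20 DST=10.2.8.15 PROTO=TCP SPT=4431 DPT=80
Sep  7 10:02:30 hostD kernel: IN=eth0 SRC=10.3.0.9 DST=10.1.4.31 PROTO=UDP SPT=1025 DPT=1680
"""

# Hypothetical internal subnets, used to recognise directed broadcasts.
SUBNETS = [ipaddress.ip_network(n)
           for n in ("10.1.4.0/24", "10.2.8.0/24", "10.3.0.0/24")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+) SPT=\d+ DPT=(\d+)")

def subnet_of(addr):
    """Return the known subnet containing addr, or None."""
    return next((n for n in SUBNETS if addr in n), None)

def summarize(log_text, port=1680):
    """Per source: unicast targets outside its own subnet, and broadcast hits."""
    report = defaultdict(lambda: {"remote_unicast": set(), "broadcast": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group(3) != "UDP" or int(m.group(4)) != port:
            continue  # not a UDP probe to the port of interest
        src = ipaddress.ip_address(m.group(1))
        dst = ipaddress.ip_address(m.group(2))
        dst_net = subnet_of(dst)
        if dst == LIMITED_BROADCAST or (dst_net and dst == dst_net.broadcast_address):
            report[str(src)]["broadcast"] += 1
        elif dst_net != subnet_of(src):
            # Unicast that crossed a subnet boundary: routed, not broadcast.
            report[str(src)]["remote_unicast"].add(str(dst))
    return dict(report)

if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_LOG).items()):
        print(src, "remote unicast:", sorted(info["remote_unicast"]),
              "broadcasts:", info["broadcast"])
```

Sources with many distinct remote unicast targets are the ones worth tracing back to a Carbon Copy installation.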