A pcANYWHERE Hosts Scanner is a network utility designed to scan IP address ranges and discover active systems running Symantec pcAnywhere host services.
Symantec pcAnywhere is a legacy, discontinued remote-control software suite. Because its source code was leaked and it lacks modern security controls, leaving it exposed on a network poses a critical security risk. Attackers frequently use similar scanning techniques to locate unprotected hosts, conduct brute-force dictionary attacks, and gain unauthorized remote control.

🔍 How Detection Works
Host scanners target the specific network ports and protocols used by pcAnywhere:
Port Probing: Scanners send requests to standard pcAnywhere ports: TCP port 5631 (Data) and UDP port 5632 (Status).
Status Queries: Dedicated tools (like Unixwiz pcascan or NirSoft pcANYWHERE Hosts Scanner) query the UDP status port to parse the packet responses and confirm if the service is active.
Vulnerability Assessments: Broad network security scanners (like OpenVAS or Tenable) include Network Vulnerability Tests (NVTs) to discover these endpoints automatically during routine internal audits.

🛡️ Security Best Practices
Because pcAnywhere does not support modern defenses like native Multi-Factor Authentication (MFA) or automated account lockouts, organizations should implement the following security measures:

1. Uninstall and Migrate (Primary Recommendation)
Decommission entirely: Symantec and security researchers strongly recommend completely uninstalling pcAnywhere from all enterprise networks.
Migrate to modern alternatives: Replace it with remote access solutions that natively support TLS protections, centralized identity provider integration, and MFA.

2. Network Isolation and Perimeter Security
Block public exposure: Never allow ports 5631 and 5632 to be accessible from the public internet.
Implement a VPN gateway: If the software must be used, restrict access so that users can only connect after establishing a secure VPN session with the internal network.
IP Whitelisting: Configure the pcAnywhere host settings to explicitly restrict connections to a specific, authorized list of internal IP addresses.

3. Host Hardening (If the software is mandatory)
Symantec pcAnywhere™ Security Recommendations
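
A defender-side check for the port probing described under How Detection Works and for the rule that ports 5631 and 5632 must never be reachable from outside: this added example (not from the original page or from any tool it names) reads firewall log lines and reports sources sweeping the pcAnywhere ports, plus any externally sourced connection to them that was allowed. The log format, the internal range 10.0.0.0/8, the sweep threshold and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# pcAnywhere ports named on this page: TCP 5631 (data), UDP 5632 (status).
PCA_PORTS = {("tcp", 5631), ("udp", 5632)}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: your internal ranges
SWEEP_THRESHOLD = 3  # assumption: distinct targets from one source that count as a sweep

# Constructed sample lines in an assumed format: time src dst proto dport action
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.5.23 10.0.1.10 udp 5632 allow
2024-05-01T10:00:01 10.0.5.23 10.0.1.11 udp 5632 allow
2024-05-01T10:00:02 10.0.5.23 10.0.1.12 udp 5632 deny
2024-05-01T10:00:02 10.0.5.23 10.0.1.12 tcp 5631 deny
2024-05-01T10:03:40 203.0.113.7 10.0.1.10 tcp 5631 allow
2024-05-01T10:04:00 10.0.2.8 10.0.1.10 tcp 443 allow
2024-05-01T10:05:10 198.51.100.9 10.0.1.11 tcp 5631 deny
garbage line
"""

def parse(line):
    """Return (src, dst, proto, dport, action), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 6:
        return None
    _, src, dst, proto, dport, action = parts
    try:
        return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto.lower(), int(dport), action.lower())
    except ValueError:
        return None

def analyse(log_text):
    """Return (sweeps, exposed) for traffic aimed at the pcAnywhere ports."""
    targets = defaultdict(set)  # source -> destinations probed on pcAnywhere ports
    exposed = set()             # allowed connections whose source is not internal
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or (rec[2], rec[3]) not in PCA_PORTS:
            continue
        src, dst, proto, dport, action = rec
        targets[str(src)].add(str(dst))
        if action == "allow" and not any(src in net for net in INTERNAL_NETS):
            exposed.add((str(src), str(dst), proto, dport))
    sweeps = {s: sorted(d) for s, d in targets.items() if len(d) >= SWEEP_THRESHOLD}
    return sweeps, sorted(exposed)

if __name__ == "__main__":
    sweeps, exposed = analyse(SAMPLE_LOG)
    print("sweeping sources:", sweeps)
    print("allowed from outside:", exposed)
```

A sweep from an internal address is either an authorized audit or a host worth investigating; any entry in the second list means a perimeter rule is letting pcAnywhere traffic in.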