Through some discussions I have had with several people, I have a concern about NAV 7.5 server/client setup. I wanted other expert opinions on this issue. I am including some text from an email with a Symantec Engineer. My questions/comments are in [brackets]. >When NSCTOP starts, it initiates a quick discovery, which is >essentially a broadcast ping to the entire subnet. It asks >that any application listening on port 38293 please respond >with a pong packet. Any computers running PDS will respond to >the ping with a pong packet. [Can this be used in a type of smurf amplification attack??? Especially taken with the next comment?] >Intense Discovery. Walks the Network Neighborhood, attempting >to ping all computers it finds. [And lastly we have a built in Network scanner??]: >Scan Network tab. The scan network feature of the "Find >Computer" dialog allows you to scan a range of IP Addresses, >or IP subnets in order to find computers. Using the IP address >scan, you enter a range of IP addresses, which the dialog will >then loop through. The dialog requests the discovery service >to ping each address, and brings in any servers it finds. >Using the IP subnet scan, you can send broadcast packets to >specific subnets. This scan can circumvent routers that stop >normal broadcast packets. ------------ Am I missing something here or am I being way to paranoid about this application? Does anybody use server/client setup in their organization that can send me comments about this traffic and how it affects their bandwidth? Has anybody tried to use this as a smurf amplification tool? Beth Young MOREnet Security 1.800.509.6673 http://www.more.net/ _______________________________________________ Firewalls mailing list Firewalls@lists.gnac.net http://lists.gnac.net/mailman/listinfo/firewalls