PCAnywhere listens on ports 22 (TCP and UDP), 5631 (TCP) "pcanywheredata", and 5632 (TCP and UDP) "pcanywherestat), and 65301 (TCP). Uses an "IP discovery protocol" to find other PCAnywhere servers on the local segment, where the assumption is that the local segment is all IP addresses between "xxx.xxx.xxx.1" to "xxx.xxx.xxx.254" (i.e. the local class C allocation). Thus, cable-modem and DSL users will often see connections to this port from other people that have PCAnywhere installed.
If you own PCAnywhere and want to turn this feature off, then you must disable the "browsing" feature in the registry:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\pcANYWHERE\CurrentVersion\System
Value: TCPIPNetBroadcast
Type: DWORD
Settings:
- 0 = Do not browse for the host.
- 1 = Browse for the host by sending 254 directed UDP packets per network
- [DEFAULT] 2 = Browse for the host by sending one broadcast UDP packet per network. [8.0 only]
(quoted from Symantec Website) A machine that allows PCAnywhere control MUST be given a strong password. Hackers regularly scan the Internet looking for open PCAnywhere machines, break in, then use these machines to attack more interesting sites (like the Pentagon, CIA, NSA, etc.).
