Date: 26 December 2007
Click here for printable version
AusCERT has been observing significant increases in scanning on TCP port
4899. This port is used for RAdmin (http://www.radmin.com/), a program
that allows remote control of computers.
We are currently not aware of any new vulnerabilities in the RAdmin
product, however it might be a good idea to keep an eye on log files
and look for any suspicious activity. Even if a vulnerability does not
exist, weak user names and passwords (as with every remote connection
method) could allow an attacker access to systems.
Another way to prevent any possible weakness in RAdmin (or other remote
access software) is to block the required port at a firewall and
use a VPN connection. This will make users authenticate before allowing
RAdmin access to hosts.