UDP 2967
Synopsis
- Symantec AntiVirus Corporate Edition (SAVCE) and Symantec Client Security (SCS) use UDP port 2967 for client-to-parent server communications (e.g., discovery/heartbeat/status), alongside TCP 2967 for definition and policy distribution.
- Real-world deployments of SAVCE 9.x/10.x and SCS 3.x commonly require allowing UDP 2967 between managed clients and their parent or management servers.
- This port has been associated with exploitation: in 2006, worms and botnets (e.g., Randex/Spybot variants) scanned and attacked Symantec management services via a buffer overflow on port 2967 (primarily over TCP), enabling remote code execution on vulnerable SAVCE/SCS systems.