VectorWorks portscans on port 30999

While testing Symantec Client Security for possible use on our network, I noticed two machines tripping the portscan IDS signature on port 30999. A quick Google search revealed that this was port was primarily used as a back door by the Kuang2 trojan, so we disabled the network ports of the two workstations and sent some techs to check it out. They couldn't find any malware on the machines, but since no one could tell me what was portscanning our subnet on 30999 from them, I told them to wipe them anyhow. As one of the techs was setting the machine back up, it tripped my firewall again, and I immediately called him and asked him what he was doing. He said he's just installed VectorWorks, so I asked him to run it, and sure enough, that's when the machine portscans on 30999.

I searched Google, the manufacturer's web site, and their support forum, and none of them mention that port, so I e-mailed their tech support and got this response:

Dear Nemetschek North America Customer:

Thank you for your inquiry.

VectorWorks does do a network check to see if any serial numbers are duplicated and are used at the same time. It can not be prevented since it is hard coded into the software.

If you have any other questions, comments, or suggestions, please feel free to contact us at (410) 290-5114 (tel) or (410) 290-8050 (fax) or (e-mail).

Respectfully, Technical Support

So, it's legitimate (annoying) behavior. The kicker is SCS will disable all communication with the "attacking" machine for 30 minutes by default. So, you can launch VectorWorks, then find that all the machines on your subnet running Symantec Client Security refuse to talk to you for half an hour. Congratulations, you've DoSed yourself!

Obviously, the best solution here is to run a firewall that filters your outgoing packets, and deny VectorWorks the ability to talk on your network, or better yet, configure your managed switch network to not allow all port 30999 communications. Or, even better yet, stop using VectorWorks until they decide to trust you as a customer.