Educause Security Discussion mailing list archives
Re: Veritas Backup Exec Vulnerability
From: Doug Pearson <dodpears () INDIANA EDU>
Date: Thu, 13 Jan 2005 14:35:59 -0500
Scanning for machines at TCP/6101 is now very active. The attached graph shows netflow activity seen on the Internet2 Abilene network over the past week. Activity is up sharply beginning 01/11. The REN-ISAC darknet caught 11 sources scanning on 01/12. Today we see 30 hosts (commercial and Abilene). We're reporting those hosts to owning insitutions and upstream providers. Doug Pearson Research and Education Networking ISAC 24x7 Watch Desk: +1(317)278-6630, ren-isac () iu edu http://www.ren-isac.net At 02:17 PM 1/13/2005 -0500, H. Morrow Long wrote:
Without disclosing any names, yes, Universities in the northeast US have experienced incidents via Veritas Backup Exec being actively exploited on the Internet starting yesterday. Encourage/push admins to patch/fix and you may wish to block TCP port 6101 at Internet or local routers. - H. Morrow Long, CISSP, CISM University Information Security Officer Director -- Information Security Office Yale University, ITS On Jan 13, 2005, at 1:54 PM, Eddie H. Hunter wrote:Dear All, We are experiencing some incidents with the Backup Exec exploit on Novell Netware Servers and were interested if others were seeing this as well. Please drop me a note if you are having the same experience. Thank You, Eddie H. Hunter UGA Office of Information Security UGA-CIRT ehunter () uga edu 706-542-7949 "Maintaining the Constant Vigil of Integrity" This message and any attachment is intended only for the use of the addressee and may contain information that is PRIVILEGED. If you are not the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify us immediately. Thank You. Security Warning: Please note that this e-mail has been created in the knowledge that Internet e-mail is not a 100% secure communications medium. We advise that you understand and observe this lack of security when e-mailing us. Viruses: Although we have taken steps to ensure that this e-mail and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Veritas Backup Exec Vulnerability Eddie H. Hunter (Jan 13)
- <Possible follow-ups>
- Re: Veritas Backup Exec Vulnerability Jim Bollinger (Jan 13)
- Re: Veritas Backup Exec Vulnerability Hedrick, Gregory W (Jan 13)
- Re: Veritas Backup Exec Vulnerability H. Morrow Long (Jan 13)
- Re: Veritas Backup Exec Vulnerability Doug Pearson (Jan 13)
- Re: Veritas Backup Exec Vulnerability John Kowalczyk (Jan 13)
- Re: Veritas Backup Exec Vulnerability Brian Eckman (Jan 13)
- Re: Veritas Backup Exec Vulnerability Samuel Petreski (Jan 13)
- Re: Veritas Backup Exec Vulnerability Jordan Wiens (Jan 13)
- Re: Veritas Backup Exec Vulnerability David Taylor (Jan 18)
- Re: Veritas Backup Exec Vulnerability Cam Beasley, ISO (Jan 18)
- Re: Veritas Backup Exec Vulnerability David Taylor (Jan 18)