Educause Security Discussion mailing list archives

Re: Veritas Backup Exec Vulnerability


From: Doug Pearson <dodpears () INDIANA EDU>
Date: Thu, 13 Jan 2005 14:35:59 -0500

Scanning for machines at TCP/6101 is now very active. The attached graph shows netflow activity seen on the Internet2 
Abilene network over the past week. Activity is up sharply beginning 01/11. The REN-ISAC darknet caught 11 sources 
scanning on 01/12. Today we see 30 hosts (commercial and Abilene). We're reporting those hosts to owning institutions 
and upstream providers.

Doug Pearson
Research and Education Networking ISAC
24x7 Watch Desk: +1(317)278-6630, ren-isac () iu edu
http://www.ren-isac.net



At 02:17 PM 1/13/2005 -0500, H. Morrow Long wrote:
Without disclosing any names, yes, Universities
in the northeast US have experienced incidents via
Veritas Backup Exec being actively exploited on
the Internet starting yesterday.

Encourage/push admins to patch/fix and you may
wish to block TCP port 6101 at Internet or local routers.

- H. Morrow Long, CISSP, CISM
 University Information Security Officer
 Director -- Information Security Office
 Yale University, ITS


On Jan 13, 2005, at 1:54 PM, Eddie H. Hunter wrote:
Dear All,

We are experiencing some incidents with the Backup Exec exploit on Novell
Netware Servers and were interested if others were seeing this as well.
Please drop me a note if you are having the same experience.

Thank You,

Eddie H. Hunter
UGA Office of Information Security
UGA-CIRT
ehunter () uga edu
706-542-7949

"Maintaining the Constant Vigil of Integrity"

**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/groups/.
