[Intrusions] brightstor/arcserve backup client hacked

Eric Hines eric.hines at appliedwatch.com
Tue Mar 1 15:00:25 GMT 2005


Andrew,

Does the Tcpdump contain packets from the actual attack? Would like to
create some Snort signature based on it. 


Best Regards,


Eric Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC
1134 N. Main St.
Algonquin, IL 60102
Tel: (877) 262-7593 x327
Fax: (877) 262-7593
Web: http://www.appliedwatch.com
 
-----Original Message-----
From: intrusions-bounces at lists.sans.org
[mailto:intrusions-bounces at lists.sans.org] On Behalf Of Andrew Daviel
Sent: Monday, February 28, 2005 4:54 PM
To: intrusions at incidents.org
Subject: [Intrusions] brightstor/arcserve backup client hacked



Yesterday we had a number of Windows machines hacked via port 41523. The
attacker came in from a cable modem in Portugal then installed a rootkit
from the Czech Republic ...

This seems to be a vulnerability in Computer Associates BrightStor backup
(ARCserve)

http://archives.neohapsis.com/archives/bugtraq/2005-02/0123.html

some tcpdump data available if anyone is interested


--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)
security at triumf.ca
_______________________________________________
Intrusions mailing list
Intrusions at lists.sans.org
http://www.dshield.org/mailman/listinfo/intrusions