[Dshield] Port 6101 Scans

David Taylor ltr at isc.upenn.edu
Sun Jun 26 22:39:25 GMT 2005


Well, there was two exploits released which used port 10000 and I was a
little nervous about port 6101.  I don't know how Veritas works and if the
port 10000 exploit can be used on port 6101 as well but it is obvious
someone is really curious about who has port 6101 opened up.  If it is a
large (or multiple) botnets all of a sudden scanning for port 6101 (which is
currently dwarfing the traffic I see on port 10000) something might be up.
Brace for impact?  Who knows.


==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
LTR at ISC.UPENN.EDU               (215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 

SANS - The Twenty Most Critical Internet Security Vulnerabilities 
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Jeff Kell
Sent: Sunday, June 26, 2005 6:19 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Port 6101 Scans


David Taylor wrote:
> SANS is showing a sharp increase.  
> 
>
http://isc.sans.org/port_details.php?port=6101&repax=1&tarax=2&srcax=2&perce
> nt=N&days=10
> 
> Is this a worm?  

Ahhh... 6101 is Veritas backup agent (duuhhh!  look at today's diary!).

Jeff (runs and hides)

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list