[Dshield] Veritas Backup Exec Scanning
TRushing at hollandco.com
Mon Jun 27 15:55:20 GMT 2005
What I find particularly interesting in looking at the Dshield port
history for the Veritas vulnerabilitiy
is that for the most part, targets are in the double (and sometimes
triple) digits until the scans began to pick up after the notice came out
late last week.
However, on 28 May, there are 25 source machines scanning nearly 50,000
hosts. That really stands out. I imagine that it would be easy for
Johannes or someone to look at those 25 source ips and determine whether
that was the vendor or discoverer checking to see how widespread the
problem was or if it was something else. If we do end up with a worm out
of this, I imagine those 25 addresses should get some closer scrutiny.
The Holland Company
More information about the list