[Dshield] Veritas Backup Exec Scanning

TRushing@hollandco.com TRushing at hollandco.com
Mon Jun 27 15:55:20 GMT 2005


What I find particularly interesting in looking at the Dshield port 
history for the Veritas vulnerabilitiy

http://www.dshield.org/port_report.php?port=10000&recax=1&tarax=2&srcax=2&percent=N&days=40&Redraw=

is that for the most part, targets are in the double (and sometimes 
triple) digits until the scans began to pick up after the notice came out 
late last week.

However, on 28 May, there are 25 source machines scanning nearly 50,000 
hosts.  That really stands out.  I imagine that it would be easy for 
Johannes or someone to look at those 25 source ips and determine whether 
that was the vendor or discoverer checking to see how widespread the 
problem was or if it was something else.  If we do end up with a worm out 
of this, I imagine those 25 addresses should get some closer scrutiny.

Tim Rushing
The Holland Company


More information about the list mailing list